5.3
CVE-2025-54832
- EPSS 0.31%
- Veröffentlicht 31.07.2025 17:25:27
- Zuletzt bearbeitet 23.01.2026 02:37:55
- Quelle 9119a7d8-5eab-497f-8521-727c67
- CVE-Watchlists
- Unerledigt
LoginOPEXUS FOIAXpress Public Access Link (PAL) state and territory list unauthorized modification
OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opexustech ≫ Foiaxpress Public Access Link Version >= 11.1.0 < 11.12.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.227 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-472 External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json
https://www.cve.org/CVERecord?id=CVE-2025-54832
https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf