Account Protection Bypass in OPEXUS FOIAXpress Public Access Link
CVE-2025-54833

6.9MEDIUM

Key Information:

Vendor: Opexus
Status: Foiaxpress Public Access Link (pal)
Vendor: CVE Published:; 31 July 2025

What is CVE-2025-54833?

The OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 exposes a significant vulnerability that allows unauthenticated remote attackers to bypass essential security features, such as account lockout mechanisms and CAPTCHA protections. This flaw facilitates brute force attacks on user accounts, making it easier for malicious actors to gain unauthorized access and compromise sensitive information.

Affected Version(s)

FOIAXpress Public Access Link (PAL) 11.1.0 < 11.12.3.0

FOIAXpress Public Access Link (PAL) 11.12.3.0

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

https://www.cve.org/CVERecord?id=CVE-2025-54833

https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAX...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2025
Vulnerability Reserved
Jul 30, 2025

Credit

Nathan Spidle, CISA

Opexus

What is CVE-2025-54833?

Affected Version(s)

References

CVSS V4

Timeline

Credit