User Enumeration Vulnerability in OPEXUS FOIAXpress Software
CVE-2025-54834

6.9MEDIUM

Key Information:

Vendor: Opexus
Status: Foiaxpress Public Access Link (pal)
Vendor: CVE Published:; 31 July 2025

What is CVE-2025-54834?

A vulnerability in OPEXUS FOIAXpress version 11.1.0 permits an unauthenticated remote attacker to leverage the /App/CreateRequest.aspx endpoint to ascertain the existence of valid usernames. This absence of rate-limiting mechanisms allows for repeated attempts, which can potentially expose user data and weaken overall system security.

Affected Version(s)

FOIAXpress Public Access Link (PAL) 11.1.0 < 11.12.3.0

FOIAXpress Public Access Link (PAL) 11.12.3.0

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

https://www.cve.org/CVERecord?id=CVE-2025-54834

https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAX...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2025
Vulnerability Reserved
Jul 30, 2025

Credit

Nathan Spidle, CISA

Opexus

What is CVE-2025-54834?

Affected Version(s)

References

CVSS V4

Timeline

Credit