SQL Injection Vulnerability in OPEXUS FOIAXpress Public Access Link
CVE-2025-58462

9.3CRITICAL

Key Information:

Vendor: Opexus
Status: Foiaxpress Public Access Link (pal)
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-58462?

The OPEXUS FOIAXpress Public Access Link (PAL) prior to version 11.13.1.0 is susceptible to SQL injection vulnerabilities through the SearchPopularDocs.aspx endpoint. This flaw allows remote, unauthenticated attackers to execute arbitrary SQL commands, potentially leading to unauthorized reading, writing, or deletion of data in the database. As a result, sensitive information may be compromised if exploited.

Affected Version(s)

FOIAXpress Public Access Link (PAL) 0 < 11.13.1.0

FOIAXpress Public Access Link (PAL) 11.13.1.0

References

https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAX...

https://www.cve.org/CVERecord?id=CVE-2025-58462

https://github.com/cisagov/CSAF/blob/develop/csaf_files/I...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Sep 2, 2025

Credit

, undefined

Opexus

What is CVE-2025-58462?

Affected Version(s)

References

CVSS V4

Timeline

Credit