JavaScript Injection Vulnerability in OPEXUS FOIAXpress
CVE-2025-61999

4.8MEDIUM

Key Information:

Vendor: Opexus
Status: Foiaxpress
Vendor: CVE Published:; 7 October 2025

What is CVE-2025-61999?

The OPEXUS FOIAXpress software prior to version 11.13.3.0 is susceptible to a JavaScript injection vulnerability that occurs when an administrative user uploads a logo in SVG format. This SVG may contain malicious JavaScript code that is executed in the context of other users browsing affected pages. Exploiting this vulnerability enables the attacker to manipulate user sessions, potentially compromising confidential information, such as session cookies and user credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FOIAXpress 0 < 11.13.3.0

FOIAXpress 11.13.3.0

References

https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAX...

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

https://www.cve.org/CVERecord?id=CVE-2025-61999

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

Aaron M. Ramirez, United States Department of Justice

Wesley Cuffee, United States Department of Justice

JSON

Opexus