Platform
other
Component
csaf
Fixed in
11.13.1.0
CVE-2025-58462 describes a critical SQL Injection vulnerability affecting OPEXUS FOIAXpress Public Access Link (PAL) versions prior to 11.13.1.0. This flaw allows a remote, unauthenticated attacker to manipulate the underlying database, potentially leading to data breaches and system compromise. The vulnerability resides in the SearchPopularDocs.aspx endpoint and is addressed with the release of version 11.13.1.0.
The SQL Injection vulnerability in FOIAXpress PAL poses a significant risk to organizations utilizing this software. An attacker exploiting this flaw can bypass authentication and directly interact with the database. This allows for unauthorized access to sensitive data, including personally identifiable information (PII), confidential documents, and system configuration details. The attacker could also modify or delete data, leading to data loss and disruption of services. The lack of authentication requirements amplifies the risk, as any external user can attempt exploitation. Successful exploitation could result in a complete compromise of the system and its data, similar to scenarios where database credentials are leaked or improperly configured.
CVE-2025-58462 was publicly disclosed on 2025-09-09. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits, but the ease of exploitation inherent in SQL injection vulnerabilities suggests that such exploits are likely to emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.08% (24% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-58462 is to immediately upgrade FOIAXpress PAL to version 11.13.1.0 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the SearchPopularDocs.aspx endpoint using a Web Application Firewall (WAF) or proxy server, implementing strict input validation rules to filter out potentially malicious SQL queries. Regularly review database access logs for suspicious activity and implement strong database security practices, including least privilege access controls. Consider implementing a Content Security Policy (CSP) to restrict the resources that the application can load, further limiting the potential impact of a successful SQL injection attack.
Actualice FOIAXpress Public Access Link (PAL) a la versión 11.13.1.0 o superior. Esta versión corrige la vulnerabilidad de inyección SQL. Consulte las notas de la versión en el sitio web del proveedor para obtener más detalles sobre la actualización.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-58462 is a critical SQL Injection vulnerability in OPEXUS FOIAXpress Public Access Link (PAL) versions 0–11.13.1.0, allowing attackers to manipulate the database.
If you are running FOIAXpress PAL versions 0–11.13.1.0, you are vulnerable to this SQL Injection flaw.
Upgrade to version 11.13.1.0 or later. As a temporary workaround, restrict access to SearchPopularDocs.aspx with a WAF and implement input validation.
While no public exploits are currently available, the vulnerability's severity suggests a high likelihood of exploitation.
Refer to the OPEXUS website or security mailing lists for the official advisory regarding CVE-2025-58462.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.