Fixed version: 11.13.1.0
CVE-2025-58462 describes a critical SQL Injection vulnerability affecting OPEXUS FOIAXpress Public Access Link (PAL) versions prior to 11.13.1.0. This flaw allows a remote, unauthenticated attacker to manipulate the underlying database, potentially leading to data breaches and system compromise. The vulnerability resides in the SearchPopularDocs.aspx endpoint and is addressed with the release of version 11.13.1.0.
The flaw is significant for organizations running FOIAXpress PAL because the PAL is, by design, reachable by the public: no credentials are needed to reach SearchPopularDocs.aspx, so any Internet user can attempt the injection. Injected SQL runs with the privileges of the database account the PAL application uses, so an attacker can read whatever that account can read, including requesters' personally identifiable information (PII), confidential documents and system configuration, and, if the account has write access, modify or delete records, causing data loss and service disruption. The effect is comparable to an attacker obtaining the application's database credentials outright. On database platforms that expose OS-level functionality to sufficiently privileged accounts, injection can escalate from the database to the host, which is the full system compromise the advisory refers to.
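To make the mechanism concrete, here is an added illustration of the bug class; it is not code from FOIAXpress or OPEXUS, whose source is not published, and the schema, rows and table names (popular_docs, requesters) are constructed. It shows a document-search handler that pastes a user-supplied id into its SQL (the vulnerable pattern) beside the same query with the value bound as a parameter (the fix). sqlite3 stands in for the real database, so sqlite_version() plays the role of @@version from the curl check in the detection section below.

```python
"""Added illustration of the bug class, not code from FOIAXpress or OPEXUS.
A document-search handler that pastes a user-supplied id into its SQL
(the vulnerable pattern) beside the same query parameterized. Table
names, rows and the popular_docs/requesters schema are constructed;
sqlite3 stands in for the real database, so sqlite_version() plays the
role of @@version."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one public table and one sensitive one."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE popular_docs (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO popular_docs VALUES (1, 'FOIA log 2024'), (2, 'Agency org chart');
        -- Never meant to be reachable from the public search page.
        CREATE TABLE requesters (id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO requesters VALUES (1, 'alice@example.org'), (2, 'bob@example.net');
    """)
    return con


def search_vulnerable(con: sqlite3.Connection, doc_id: str) -> list[str]:
    """Vulnerable: untrusted input becomes part of the SQL text."""
    sql = f"SELECT title FROM popular_docs WHERE id = {doc_id}"
    return [row[0] for row in con.execute(sql)]


def search_fixed(con: sqlite3.Connection, doc_id: str) -> list[str]:
    """Fixed: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT title FROM popular_docs WHERE id = ?"
    return [row[0] for row in con.execute(sql, (doc_id,))]


# Payloads shaped like the curl probe in the detection section (sqlite has no @@version).
PAYLOAD_VERSION = "1 UNION SELECT sqlite_version()"
PAYLOAD_DUMP = "1 UNION SELECT email FROM requesters"


def demo() -> dict[str, list[str]]:
    """Run each variant and return the rows it produced, keyed by scenario."""
    con = make_db()
    return {
        "normal": search_vulnerable(con, "1"),
        "vuln_version": search_vulnerable(con, PAYLOAD_VERSION),   # leaks engine version
        "vuln_dump": search_vulnerable(con, PAYLOAD_DUMP),         # leaks requesters.email
        "fixed_dump": search_fixed(con, PAYLOAD_DUMP),             # payload is just a non-matching string
        "fixed_normal": search_fixed(con, "1"),                    # legitimate lookup still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:13s} -> {rows}")
```

The UNION payloads work against the concatenating version because the attacker controls the tail of the statement; in the parameterized version the driver sends the whole string as a value compared against id, so it matches nothing and no second SELECT ever reaches the engine.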
CVE-2025-58462 was publicly disclosed on 2025-09-09. Its CVSS rating is CRITICAL, but CVSS measures impact, not likelihood: the EPSS estimate on this page (0.08%, 24th percentile) is currently low, and the CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. As of this writing there is no public proof-of-concept exploit. Even so, an unauthenticated SQL injection in a public-facing endpoint takes little skill to exploit once the injectable parameter is known, so exploitation attempts should be expected to follow.
Any organization exposing FOIAXpress PAL for public document access is affected until it upgrades, and installations that lag several releases behind are the most likely targets. Deployments in which the PAL database account holds broad privileges, or in which PAL shares a database server with other applications, face a larger blast radius, because injected queries run with that account's rights and are not confined to PAL's own tables. Organizations holding sensitive requester data in FOIAXpress should treat the upgrade as urgent.
• linux / server: Monitor web-server access logs for requests to SearchPopularDocs.aspx whose query string carries SQL keywords (UNION, SELECT, INSERT, DELETE), quotes or comment sequences. Payloads are usually URL-encoded, so decode before matching. FOIAXpress PAL is an ASP.NET application (.aspx), so on a typical IIS deployment the relevant logs are the W3C logs under %SystemDrive%\inetpub\logs\LogFiles\, where the query string sits in the cs-uri-query field; the Apache log below is relevant only if a reverse proxy in front of IIS records the requests. grep needs -E for the alternation to work:
grep -Ei 'UNION|SELECT|INSERT|DELETE' /var/log/apache2/access.log | grep -i SearchPopularDocs.aspx
• generic web: With authorization to test the instance, send a harmless probe to the endpoint and compare the response with a baseline request. The advisory does not name the injectable parameter, so q is a placeholder; on a patched build the payload should be rejected or treated like any other malformed input rather than changing the result set or echoing a version string.
curl -v 'http://your-foiaxpress-server/SearchPopularDocs.aspx?q=1+UNION+SELECT+@@version'
• database: If you have access to the PAL database, look for evidence of prior exploitation: unexpected rows or accounts, altered records, new or modified stored procedures, and unusual query patterns in the database engine's own logs. The advisory does not document the PAL schema or database engine, so the users/username names below are placeholders to adapt to your schema.
SELECT * FROM users WHERE username LIKE '%malicious%';
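As an added example (not from the advisory, the vendor or the page's own commands), the log check above carried out properly: a small Python scanner that parses access-log lines in the Apache "combined" format, keeps only requests whose path is SearchPopularDocs.aspx, percent-decodes the URL (bounded to two rounds, to catch double encoding) and then matches SQL-injection tokens. The log lines are constructed, and the parameter name q and the payloads are illustrative. IIS W3C logs put the query string in its own cs-uri-query field; join it to cs-uri-stem or adjust LOG_RE before feeding those lines in.

```python
"""Added example, not from the advisory or vendor: flag suspicious requests to
SearchPopularDocs.aspx in web-server access logs. Sample log lines are
constructed; the parameter name 'q' and the payloads are illustrative."""
import re
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" format: client, ident, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

# SQL-injection tokens, matched against the *decoded* URL (case-insensitive).
SQLI_RE = re.compile(
    r"""
    \bunion\b\s+(all\s+)?\bselect\b        # UNION-based extraction
  | \bselect\b.+?\bfrom\b                  # stray SELECT ... FROM
  | \b(insert|update|delete|drop|exec|xp_cmdshell)\b
  | \bwaitfor\s+delay\b                    # time-based blind (MSSQL)
  | \b(or|and)\s+\d+\s*=\s*\d+             # OR 1=1 tautologies
  | '\s*(--|;|\#)                          # quote then comment/terminator
  | @@\w+                                  # @@version and friends
    """,
    re.IGNORECASE | re.VERBOSE,
)

TARGET_PATH = "/searchpopulardocs.aspx"


def decode_url(url: str, rounds: int = 2) -> str:
    """Percent-decode repeatedly (bounded) so %2527 -> %27 -> ' is caught."""
    for _ in range(rounds):
        decoded = unquote_plus(url)
        if decoded == url:
            break
        url = decoded
    return url


def scan(lines) -> list[dict]:
    """Return one record per request to the target endpoint that carries SQLi tokens."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a combined-format line; skip
        url = m["url"]
        if not urlsplit(url).path.lower().endswith(TARGET_PATH):
            continue                      # other endpoints are out of scope here
        decoded = decode_url(url)
        tok = SQLI_RE.search(decoded)
        if tok:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                         "decoded": decoded, "match": tok.group(0)})
    return hits


# Constructed sample: one benign search, two attack attempts (one double-encoded),
# and an attack against a different page that this scan deliberately ignores.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2025:08:12:01 +0000] "GET /SearchPopularDocs.aspx?q=budget+report HTTP/1.1" 200 5120
198.51.100.22 - - [10/Sep/2025:08:12:44 +0000] "GET /SearchPopularDocs.aspx?q=1%20UNION%20SELECT%20%40%40version HTTP/1.1" 500 312
198.51.100.22 - - [10/Sep/2025:08:13:02 +0000] "GET /SearchPopularDocs.aspx?q=1%2527%2520OR%25201%253D1%2520-- HTTP/1.1" 200 9876
192.0.2.9 - - [10/Sep/2025:08:14:10 +0000] "GET /Default.aspx?id=1+UNION+SELECT+1 HTTP/1.1" 200 2048
"""


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines()):
        print(f'{h["ts"]} {h["ip"]} {h["status"]} matched "{h["match"]}" in {h["decoded"]}')
```

A 500 on an injection attempt is worth a closer look on its own: an injected UNION with a mismatched column count typically produces a database error before the patch and a plain "no results" after it, so status codes paired with the decoded payload tell you more than the keyword match alone.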
Disclosure and exploitation status
EPSS: 0.08% (24th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-58462 is to upgrade FOIAXpress PAL to version 11.13.1.0 or later. If that cannot be done immediately, reduce exposure in the meantime: put a Web Application Firewall (WAF) or reverse proxy in front of SearchPopularDocs.aspx and apply strict input validation there (for example, allow only the characters a document search legitimately needs), or restrict the endpoint to trusted networks if the public search feature can be paused. Treat WAF signatures as a stopgap only; encoding and keyword variations can evade them, so they do not replace the patch. Limit impact on the database side: run PAL under a dedicated database login with only the rights the application needs (no schema changes, no access to unrelated databases, no OS-command procedures), and review database and web-server logs regularly for the indicators described above.
Upgrade FOIAXpress Public Access Link (PAL) to version 11.13.1.0 or later. This version fixes the SQL injection vulnerability. Consult the release notes on the vendor's website for details on the update.
CVE-2025-58462 is a critical SQL Injection vulnerability in OPEXUS FOIAXpress Public Access Link (PAL) versions prior to 11.13.1.0, allowing an unauthenticated remote attacker to manipulate the database through the SearchPopularDocs.aspx endpoint.
If you are running any FOIAXpress PAL version earlier than 11.13.1.0, you are vulnerable to this SQL Injection flaw.
Upgrade to version 11.13.1.0 or later. As a temporary workaround, restrict access to SearchPopularDocs.aspx with a WAF and implement input validation.
No public exploit is available at the time of writing and the EPSS score is low; even so, an unauthenticated SQL injection in a public endpoint is easy to exploit once the details are known, so patch promptly.
Refer to the OPEXUS website or security mailing lists for the official advisory regarding CVE-2025-58462.