OPEXUS FOIAXpress PAL SQL injection
Platform
other
Component
csaf
Fixed in
11.13.1.0
CVE-2025-58462 describes a critical SQL Injection vulnerability affecting OPEXUS FOIAXpress Public Access Link (PAL) versions prior to 11.13.1.0. This flaw allows a remote, unauthenticated attacker to manipulate the underlying database, potentially leading to data breaches and system compromise. The vulnerability resides in the SearchPopularDocs.aspx endpoint and is addressed with the release of version 11.13.1.0.
Impact and Attack Scenarios
The SQL Injection vulnerability in FOIAXpress PAL poses a significant risk to organizations utilizing this software. An attacker exploiting this flaw can bypass authentication and directly interact with the database. This allows for unauthorized access to sensitive data, including personally identifiable information (PII), confidential documents, and system configuration details. The attacker could also modify or delete data, leading to data loss and disruption of services. The lack of authentication requirements amplifies the risk, as any external user can attempt exploitation. Successful exploitation could result in a complete compromise of the system and its data, similar to scenarios where database credentials are leaked or improperly configured.
Exploitation Context
CVE-2025-58462 was publicly disclosed on 2025-09-09. The vulnerability's CRITICAL CVSS score indicates a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits, but the ease of exploitation inherent in SQL injection vulnerabilities suggests that such exploits are likely to emerge. It is not currently listed on the CISA KEV catalog.
Who Is at Risk
Organizations utilizing FOIAXpress PAL for public document access are at risk, particularly those with older, unpatched installations. Shared hosting environments where multiple users share the same database instance are especially vulnerable, as a compromise of one user's account could lead to a broader data breach. Organizations relying on FOIAXpress PAL for sensitive data management should prioritize patching.
Detection Steps
• linux / server: Monitor access logs for requests to SearchPopularDocs.aspx containing unusual characters or SQL keywords (e.g., UNION, SELECT, INSERT, DELETE).
grep -iE 'UNION|SELECT|INSERT|DELETE' /var/log/apache2/access.log | grep SearchPopularDocs.aspx
• generic web: Use curl to test the SearchPopularDocs.aspx endpoint with various SQL injection payloads to observe the application's response.
curl 'http://your-foiaxpress-server/SearchPopularDocs.aspx?q=1+UNION+SELECT+@@version' -v
• database (mysql): If database access is possible, check for unusual database entries or modifications that could indicate exploitation.
SELECT * FROM users WHERE username LIKE '%malicious%';
Attack Timeline
- Disclosure
disclosure
Threat Intelligence
Exploit Status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions. The attacker can exploit reliably.
- Privileges Required
- None: no authentication required to exploit.
- User Interaction
- None: automatic, silent attack. The victim does nothing.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- High: total loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify or delete any data.
- Availability
- High: complete failure or resource exhaustion. Total denial of service.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-58462 is to immediately upgrade FOIAXpress PAL to version 11.13.1.0 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the SearchPopularDocs.aspx endpoint using a Web Application Firewall (WAF) or proxy server, implementing strict input validation rules to filter out potentially malicious SQL queries. Regularly review database access logs for suspicious activity and implement strong database security practices, including least privilege access controls. Consider implementing a Content Security Policy (CSP) to restrict the resources that the application can load, further limiting the potential impact of a successful SQL injection attack.
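The following script is an added, defender-side example; it is not part of this advisory and not OPEXUS code. It implements the log review from the Detection Steps and the input-validation rule suggested under Mitigation in one place: it parses access-log lines (constructed samples in Apache combined-log format; an IIS W3C log would need a different field split but the same query analysis), keeps only requests to SearchPopularDocs.aspx, URL-decodes the query twice to catch double encoding, collapses inline SQL comments that split keywords, and flags SQL keywords or a quote combined with a comment marker or statement terminator. The `q` parameter name (taken from the curl line above), the log format and the keyword list are assumptions; `should_block` packages the same rule for a WAF or proxy filter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample traffic in Apache combined-log format (not real log data).
# IIS W3C logs would need a different field split; the query analysis is the same.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Sep/2025:10:00:01 +0000] "GET /SearchPopularDocs.aspx?q=budget+report HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [09/Sep/2025:10:00:05 +0000] "GET /SearchPopularDocs.aspx?q=1%27+UNION+SELECT+%40%40version-- HTTP/1.1" 500 312 "-" "curl/8.0"
203.0.113.12 - - [09/Sep/2025:10:00:09 +0000] "GET /SearchPopularDocs.aspx?q=1%2520UNION%252F**%252FSELECT%25201 HTTP/1.1" 200 4096 "-" "python-requests/2.31"
203.0.113.13 - - [09/Sep/2025:10:00:12 +0000] "GET /Docs/Select.aspx?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.14 - - [09/Sep/2025:10:00:15 +0000] "GET /SearchPopularDocs.aspx?q=selection+committee HTTP/1.1" 200 1900 "-" "Mozilla/5.0"
"""

# Combined-log fields we need: client IP, request target and status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/searchpopulardocs.aspx"  # vulnerable endpoint named in the advisory
SQL_KEYWORDS = re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.I)  # assumed list
SQL_PUNCTUATION = re.compile(r"(--|/\*|\*/|;)")
INLINE_COMMENT = re.compile(r"/\*.*?\*/")


def decode(raw: str) -> str:
    """Undo up to two further layers of URL-encoding (parse_qsl removed one)."""
    value = raw
    for _ in range(2):
        if "%" not in value:
            break
        value = unquote_plus(value)
    return value


def analyse_query(query: str) -> list:
    """Return human-readable reasons a query string looks like SQL injection.

    Keywords are checked after inline comments (/**/) are collapsed, so
    'UNION/**/SELECT' is seen as two whole words; a plain word such as
    'selection' does not match because of the word boundaries.
    """
    reasons = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode(raw)
        punct = sorted({m.group(1) for m in SQL_PUNCTUATION.finditer(value)})
        words = INLINE_COMMENT.sub(" ", value)
        keywords = sorted({m.group(1).upper() for m in SQL_KEYWORDS.finditer(words)})
        if keywords:
            reasons.append(f"{name}: SQL keyword(s) {', '.join(keywords)}")
        # A comment marker or terminator next to a quote is the classic
        # "close the literal, append SQL" shape; a lone ';' in a search term is not.
        if punct and "'" in value:
            reasons.append(f"{name}: quote with {', '.join(punct)}")
    return reasons


def should_block(query: str) -> bool:
    """Input-validation / WAF-style decision for the endpoint's query string."""
    return bool(analyse_query(query))


def scan_access_log(text: str) -> list:
    """Return one finding per suspicious request to the vulnerable endpoint."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-log request line
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith(ENDPOINT):
            continue  # other pages are out of scope for this rule
        reasons = analyse_query(parts.query)
        if reasons:
            findings.append({"line": lineno, "ip": m["ip"],
                             "status": int(m["status"]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']} {f['ip']} HTTP {f['status']}: " + "; ".join(f["reasons"]))
```

Run against the constructed sample, the script reports the curl request (line 2) and the double-encoded, comment-split request (line 3) and stays quiet for "budget report", "selection committee" and a request to a different page. A keyword match on its own is an indicator to review, not proof of exploitation (a legitimate search for "union" would trigger it), which is why the findings keep the client IP and status code for follow-up; the rule is a stopgap alongside the WAF and least-privilege measures above, and upgrading to 11.13.1.0 remains the fix.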
How to fix
Update FOIAXpress Public Access Link (PAL) to version 11.13.1.0 or later. This version fixes the SQL injection vulnerability. See the release notes on the vendor's website for more details on the update.
Frequently asked questions
What is CVE-2025-58462 — SQL Injection in FOIAXpress PAL?
CVE-2025-58462 is a critical SQL Injection vulnerability in OPEXUS FOIAXpress Public Access Link (PAL) versions 0–11.13.1.0, allowing attackers to manipulate the database.
Am I affected by CVE-2025-58462 in FOIAXpress PAL?
If you are running FOIAXpress PAL versions 0–11.13.1.0, you are vulnerable to this SQL Injection flaw.
How do I fix CVE-2025-58462 in FOIAXpress PAL?
Upgrade to version 11.13.1.0 or later. As a temporary workaround, restrict access to SearchPopularDocs.aspx with a WAF and implement input validation.
Is CVE-2025-58462 being actively exploited?
While no public exploits are currently available, the vulnerability's severity suggests a high likelihood of exploitation.
Where can I find the official OPEXUS advisory for CVE-2025-58462?
Refer to the OPEXUS website or security mailing lists for the official advisory regarding CVE-2025-58462.