CVE-2025-54833

Published: Jul 31, 2025Modified: Jan 23, 2026

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: 9119a7d8-5eab-497f-8521-727c672e3725 (Secondary)

Description

OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.

Affected (1)

Products: Opexustech: Foiaxpress Public Access Link

1 product

Foiaxpress Public Access Link

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opexustech Foiaxpress Public Access Link	From 11.1.0 to 11.12.3.0

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (3)

https://docs.opexustech.com/docs/foiaxpress/11.12.0/FOIAXpress_Release_notes_11.12.3.0.pdf

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Release Notes

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-174-01.json

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Product

https://www.cve.org/CVERecord?id=CVE-2025-54833

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Third Party Advisory

Timeline

No history available yet.