We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner cisa-cgCWE-204 Observable Response Discrepancy
Nathan Spidle, CISA
raw.githubusercontent.com/...IT/white/2025/va-25-174-01.json (url)
www.cve.org/CVERecord?id=CVE-2025-54834 (url)
docs.opexustech.com/...OIAXpress_Release_notes_11.12.3.0.pdf (url)
Support options