HIGH: 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:Y/R:U/V:D/RE:M/U:Red
CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Default status: unknown
11.1.0 (custom) before 11.13.2.0: affected
11.13.2.0: unaffected
Description
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.
Problem types
CWE-306 Missing Authentication for Critical Function
Credits
Matthew Zamat, CISA
References
docs.opexustech.com/...OIAXpress_Release_Notes_11.13.2.0.pdf (url)
raw.githubusercontent.com/...IT/white/2025/va-25-289-01.json (url)
www.cve.org/CVERecord?id=CVE-2025-62586 (url)