Description

OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.

PUBLISHED Reserved 2025-10-16 | Published 2025-10-16 | Updated 2025-10-17 | Assigner cisa-cg




HIGH: 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/S:N/AU:Y/R:U/V:D/RE:M/U:Red

CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status: unknown

11.1.0 before 11.13.2.0: affected

11.13.2.0: unaffected

Credits

Matthew Zamat, CISA

References

docs.opexustech.com/...OIAXpress_Release_Notes_11.13.2.0.pdf (url)

raw.githubusercontent.com/...IT/white/2025/va-25-289-01.json (url)

www.cve.org/CVERecord?id=CVE-2025-62586 (url)

cve.org (CVE-2025-62586)

nvd.nist.gov (CVE-2025-62586)
