CVE-2025-62586
CRITICALOPEXUS FOIAXpress 11.1.0-11.13.1.9 - Unauthenticated Administrator Password Reset
Title source: llmDescription
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.
References (3)
Core 3
Core References
Release Notes
https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAXpress_Release_Notes_11.13.2.0.pdf
Third Party Advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-289-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-62586
Scores
CVSS v3
9.8
EPSS
0.0066
EPSS Percentile
46.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
opexustech/foiaxpress
11.1.0 - 11.13.2.0
Published
Oct 16, 2025
Tracked Since
Feb 18, 2026