Unrated severityNVD Advisory· Published Jul 31, 2025· Updated Jul 31, 2025
OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration
CVE-2025-54834
Description
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= v11.1.0+ 1 more
- (no CPE)range: = v11.1.0
- (no CPE)range: 11.1.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.