CVE-2025-61996

4.3 MEDIUM

📋 TL;DR

This vulnerability allows administrative users in OPEXUS FOIAXpress to inject malicious JavaScript into Annual Report Templates. When other users generate these reports, the injected code executes in their context, potentially enabling session hijacking, credential theft, or data exfiltration. Only organizations using vulnerable versions of FOIAXpress are affected.

💻 Affected Systems

Products:
  • OPEXUS FOIAXpress
Versions: All versions before 11.13.3.0
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to exploit; affects all deployments with vulnerable versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrative user compromises other user accounts, steals sensitive data, or performs unauthorized actions leading to data breach or system compromise.

🟠 Likely Case

Privileged insider or compromised admin account steals session cookies or credentials from other users.

🟢 If Mitigated

Limited impact due to proper access controls, monitoring, and prompt patching.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires administrative privileges; exploitation involves injecting JavaScript into report templates.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.13.3.0

Vendor Advisory: https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAXpress_Release_Notes_11.13.3.0.pdf

Restart Required: No

Instructions:

1. Download FOIAXpress version 11.13.3.0 from OPEXUS.
2. Follow vendor upgrade instructions.
3. Verify successful upgrade.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative accounts to trusted personnel only and implement strict access controls.

Monitor Report Template Changes

all

Implement logging and alerting for modifications to Annual Report Templates.

🧯 If You Can't Patch

  • Implement strict principle of least privilege for administrative accounts.
  • Deploy web application firewall (WAF) with XSS protection rules.

🔍 How to Verify

Check if Vulnerable:

Check FOIAXpress version in application settings or administrative console.

Check Version:

Check via FOIAXpress administrative interface or application properties.

Verify Fix Applied:

Confirm version is 11.13.3.0 or later in application settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to Annual Report Templates
  • JavaScript injection patterns in template content

Network Indicators:

  • Unexpected outbound connections during report generation

SIEM Query:

Search for events where administrative users modify report templates followed by unusual user activity.
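The two detection ideas above (inspecting template content for injection patterns, and correlating an admin's template change with unusual activity by other users shortly afterwards) can be prototyped before they are turned into a SIEM rule. The script below is an added example written for this page; it is not OPEXUS code and the log format, field names and event names it parses are constructed assumptions, not FOIAXpress's real audit-log schema. The patterns it flags are generic HTML/JavaScript markers, so a match is a review trigger, not proof of compromise.

```python
import re
from datetime import datetime, timedelta

# Generic markers of active content in what should be a static report template.
# These are assumptions about what "JavaScript injection patterns" look like,
# not vendor-supplied signatures.
SUSPICIOUS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("embedded_frame", re.compile(r"<\s*(?:iframe|object|embed)\b", re.IGNORECASE)),
]

# Event names that the Detection section calls "unusual user activity";
# the set is a constructed placeholder, tune it to the real audit log.
UNUSUAL_EVENTS = {"outbound_request", "session_ip_changed", "bulk_export"}

# Constructed sample templates (placeholders in {{...}} are illustrative only).
TEMPLATE_CLEAN = "<h1>Annual FOIA Report {{year}}</h1><p>Requests received: {{received}}</p>"
TEMPLATE_TAMPERED = (
    '<h1>Annual FOIA Report</h1>'
    '<script src="https://example.invalid/t.js"></script>'
    '<p onclick="run()">Totals</p>'
)

# Constructed audit-log lines in a hypothetical "timestamp key=value ..." format.
SAMPLE_LOG = [
    "2025-10-01T09:00:00 user=admin1 role=admin event=template_modified template=AnnualReport2025",
    "2025-10-01T09:20:00 user=jdoe role=user event=report_generated template=AnnualReport2025",
    "2025-10-01T09:21:00 user=jdoe role=user event=outbound_request dest=203.0.113.5",
    "2025-10-01T13:00:00 user=asmith role=user event=bulk_export count=12",
]


def scan_template(content):
    """Return the names of the suspicious patterns present in a template body."""
    return [name for name, rx in SUSPICIOUS_PATTERNS if rx.search(content)]


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def correlate(lines, window_minutes=60):
    """Flag unusual activity by other users within a window after an admin edits a template.

    Mirrors the SIEM query above: template_modified by an admin, followed by an
    event from UNUSUAL_EVENTS raised by a different user inside the window.
    """
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    alerts = []
    for i, mod in enumerate(events):
        if mod.get("event") != "template_modified" or mod.get("role") != "admin":
            continue
        deadline = mod["ts"] + timedelta(minutes=window_minutes)
        for later in events[i + 1:]:
            if later["ts"] > deadline:
                break  # events are sorted, nothing further is inside the window
            if later.get("event") in UNUSUAL_EVENTS and later.get("user") != mod.get("user"):
                alerts.append({
                    "admin": mod["user"],
                    "template": mod.get("template"),
                    "user": later["user"],
                    "activity": later["event"],
                    "delay_min": int((later["ts"] - mod["ts"]).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for label, body in (("clean", TEMPLATE_CLEAN), ("tampered", TEMPLATE_TAMPERED)):
        print(f"{label}: {scan_template(body) or 'no active content found'}")
    for alert in correlate(SAMPLE_LOG):
        print("ALERT:", alert)
```

Run on the constructed input, the content scan reports the `<script>` tag and the inline event handler in the tampered template and nothing in the clean one, and the correlation flags only the `outbound_request` that follows the admin's edit within the hour; the `bulk_export` four hours later falls outside the window and is ignored. In production, the window and the event set are the two knobs to tune against false positives.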
