CVE-2025-58462: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in OPEXUS FOIAXpress Public Access Link (PAL)
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.
AI Analysis
Technical Summary
CVE-2025-58462 identifies a critical SQL injection vulnerability in OPEXUS FOIAXpress Public Access Link (PAL), affecting versions before 11.13.1.0. The flaw is in the SearchPopularDocs.aspx page, which builds a database query from request input without neutralizing SQL special characters (CWE-89). Because the page is part of the public, unauthenticated search interface, any remote client can submit a crafted request whose input is interpreted as part of the query rather than as data. The advisory states the consequence plainly: an attacker can read, write, or delete any content in the underlying database, which also indicates that the application's database account holds broad privileges rather than read-only access to the public catalogue. Exploitation requires no privileges and no user interaction, and the CVSS v4.0 score of 9.3 reflects high confidentiality, integrity and availability impact combined with low attack complexity. No public exploit code or in-the-wild exploitation had been reported at the time of this analysis, but SQL injection in an internet-facing endpoint is a well-understood class that attackers can weaponize quickly once the affected page is named. The description identifies 11.13.1.0 as the first unaffected version, so the fix is an upgrade; operators should confirm the release with OPEXUS and apply compensating controls until it is deployed. FOIAXpress PAL serves public records and information access portals, so a compromised database can expose or alter the records that government transparency sites depend on.
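As an added illustration (not OPEXUS code, and not the real SearchPopularDocs.aspx query, which is not public), the following Python model shows the CWE-89 pattern the advisory describes: the same search input run against a string-concatenated query and against a parameterized one. The table names, columns and the keyword parameter are assumptions made for the example, and SQLite stands in for whatever database PAL uses.

```python
"""
Model of the CWE-89 pattern behind CVE-2025-58462: the same search keyword
against a string-concatenated query and against a parameterized one.
Added illustration; the schema, column names and 'keyword' parameter are
assumptions, and SQLite stands in for whatever database PAL uses.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a public catalogue plus a table the public
    search page should never be able to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE popular_docs (id INTEGER PRIMARY KEY, title TEXT, public INTEGER);
        INSERT INTO popular_docs VALUES
            (1, 'Annual Report 2024', 1),
            (2, 'Budget Summary', 1),
            (3, 'Internal Legal Memo', 0);
        CREATE TABLE requesters (id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO requesters VALUES (1, 'alice@example.org');
        """
    )
    return conn


def search_vulnerable(conn, keyword):
    """The anti-pattern: the request value is spliced into the SQL text, so
    a quote in the input ends the literal and the rest becomes SQL."""
    sql = ("SELECT title FROM popular_docs "
           "WHERE public = 1 AND title LIKE '%" + keyword + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, keyword):
    """The fix: the value travels separately from the statement, so quotes,
    comments and keywords in the input are matched as text, never executed."""
    sql = ("SELECT title FROM popular_docs "
           "WHERE public = 1 AND title LIKE '%' || ? || '%'")
    return [row[0] for row in conn.execute(sql, (keyword,))]


def demo():
    """Run benign and hostile inputs through both versions and collect results."""
    conn = make_db()
    benign = "Report"
    tautology = "' OR 1=1 --"                          # disables the public = 1 filter
    union = "' UNION SELECT email FROM requesters --"  # reads an unrelated table
    return {
        "vuln_benign": search_vulnerable(conn, benign),
        "vuln_tautology": search_vulnerable(conn, tautology),
        "vuln_union": search_vulnerable(conn, union),
        "safe_benign": search_parameterized(conn, benign),
        "safe_tautology": search_parameterized(conn, tautology),
        "safe_union": search_parameterized(conn, union),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} {rows}")
```

sqlite3's execute() refuses to run more than one statement per call, so the model shows only the read side. Drivers that accept statement batches, as ADO.NET's SqlCommand does, let the same injection point carry a trailing UPDATE or DELETE, which is why the advisory lists write and delete alongside read.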
Potential Impact
The impact of CVE-2025-58462 is substantial for organizations running OPEXUS FOIAXpress PAL, particularly those that manage sensitive public records or government information. Successful exploitation can disclose confidential information, tamper with records, or delete database contents outright, undermining trust and operational continuity, and may bring regulatory non-compliance, reputational damage and legal liability. Because the affected page is public and unauthenticated, the exposed surface is the entire internet rather than a set of logged-in users, and exploitation needs neither insider access nor any action by a victim. Public-sector entities, legal offices and other organizations that rely on FOIAXpress for transparency and information dissemination are the primary population at risk. The write and delete capability means that the integrity of published records, not only their confidentiality, is in question, which raises concerns about misinformation or disruption of public services. Given the critical severity and low barrier to exploitation, unpatched internet-facing instances should be treated as likely targets for opportunistic scanning as well as targeted attack.
Mitigation Recommendations
The fix is to upgrade FOIAXpress PAL to version 11.13.1.0 or later, which the advisory identifies as the first unaffected release; confirm the build with OPEXUS and treat every internet-facing instance below that version as vulnerable. Until the upgrade is deployed, restrict access to SearchPopularDocs.aspx at the reverse proxy or WAF, either by blocking the page outright if the popular-documents search can be withdrawn temporarily, or by applying SQL injection rules to its request parameters; signature-based WAF rules are a stopgap that encoding tricks and comment obfuscation can bypass, so they do not replace the patch. Parameterized queries (prepared statements) are the correct code-level fix, but that change lives in the vendor's code; operators obtain it by upgrading, and should apply the same discipline to any custom integrations that query the PAL database. The advisory's statement that an attacker can read, write, or delete any content implies a highly privileged application database account: review the permissions granted to the account PAL uses, remove write, delete and schema rights it does not need, and consider a separate read-only account for the public search functions if the product supports it, so that a future injection flaw is contained. Enable and retain IIS request logs and database-side audit logging, and search them for requests to SearchPopularDocs.aspx whose query strings contain quotes, comment sequences, UNION or tautology patterns, including double URL-encoded variants; an unexplained spike in 500 responses from that page is a common sign of error-based probing. Segment the PAL server and its database from internal networks so that a database compromise does not become a foothold. Validate the mitigations with targeted vulnerability scanning and penetration testing against SQL injection vectors, and prepare an incident response plan that covers database restoration from known-good backups and notification obligations, since the flaw allows deletion as well as disclosure.
Affected Countries
United States, Canada, United Kingdom, Australia, Germany, France, Netherlands, India, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-09-02T21:00:53.965Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c09a1b9ed239a66bacd6e0
Added to database: 9/9/2025, 9:20:27 PM
Last enriched: 2/27/2026, 3:53:45 AM
Last updated: 3/24/2026, 11:45:55 PM