CVE-2025-58462: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in OPEXUS FOIAXpress Public Access Link (PAL)
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.
AI Analysis
Technical Summary
CVE-2025-58462 is a critical SQL injection vulnerability identified in the OPEXUS FOIAXpress Public Access Link (PAL) product, specifically affecting versions prior to 11.13.1.0. The vulnerability resides in the SearchPopularDocs.aspx component, which fails to properly neutralize special elements in SQL commands, allowing an attacker to inject malicious SQL code. This failure to neutralize user-supplied input before it reaches the database (CWE-89) enables a remote, unauthenticated attacker to execute arbitrary SQL queries against the underlying database. The attacker can read, modify, or delete any data stored within the database, potentially compromising the confidentiality, integrity, and availability of the system. The vulnerability is remotely exploitable without any authentication or user interaction, making it highly accessible to threat actors. The CVSS 4.0 base score of 9.3 reflects the critical nature of this flaw, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). No known exploits are currently reported in the wild, but the severity and ease of exploitation make it a significant risk if left unpatched. The absence of available patches at the time of publication increases the urgency for organizations to implement compensating controls.
Potential Impact
For European organizations using OPEXUS FOIAXpress PAL, this vulnerability poses a severe risk. FOIAXpress is commonly used by government agencies, public institutions, and organizations managing Freedom of Information Act (FOIA) requests and public records. Exploitation could lead to unauthorized disclosure of sensitive public data, manipulation or deletion of records, and disruption of public access services. This could result in loss of public trust, legal liabilities under GDPR for data breaches, and operational downtime. Given the criticality and unauthenticated remote exploitability, attackers could leverage this vulnerability to conduct espionage, sabotage, or data theft. The impact is particularly acute for organizations handling large volumes of sensitive or regulated information, including personal data, which is subject to strict European data protection laws. Additionally, the ability to modify or delete data threatens data integrity and availability, potentially undermining transparency and compliance obligations.
Mitigation Recommendations
1. Immediate patching: Organizations should prioritize upgrading FOIAXpress PAL to version 11.13.1.0 or later once patches are released by OPEXUS.
2. Web application firewall (WAF): Deploy and configure a WAF with rules specifically designed to detect and block SQL injection attempts targeting SearchPopularDocs.aspx and related endpoints.
3. Input validation and sanitization: Implement additional input validation layers at the application or proxy level to filter out malicious SQL syntax or special characters.
4. Database access controls: Restrict database user permissions used by the FOIAXpress application to the minimum necessary, preventing unauthorized data modification or deletion even if SQL injection occurs.
5. Monitoring and logging: Enable detailed logging of web application and database activities to detect anomalous queries or access patterns indicative of exploitation attempts.
6. Network segmentation: Isolate the FOIAXpress servers from critical internal networks to limit lateral movement in case of compromise.
7. Incident response readiness: Prepare and test incident response plans to quickly contain and remediate any exploitation events.
8. Vendor engagement: Maintain close communication with OPEXUS for timely updates and patches.
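The following Python sketch is an added example and is not part of this advisory or of OPEXUS's code. It illustrates the CWE-89 pattern described in the technical summary and three of the compensating controls above (parameterized queries in place of string concatenation, a SELECT-only database account as defence in depth, and a log review for suspicious search parameters). SQLite stands in for the real database; the popular_docs table, its columns, the query parameter name q and the log line format are all assumptions, since the advisory names only the SearchPopularDocs.aspx page.

```python
import re
import sqlite3
import urllib.parse

# Constructed stand-in for a "popular documents" table. The real FOIAXpress
# schema is not described in the advisory; the table and column names here
# are assumptions for the demonstration.
SAMPLE_DOCS = [
    (1, "Annual Report 2024", 1),
    (2, "Procurement Records Q1", 1),
    (3, "Internal Draft Memo", 0),  # not public: must never reach a visitor
]

# Constructed W3C-style web log lines (date time method path query status).
# The parameter name "q" is an assumption; the advisory names only the page.
SAMPLE_LOG = [
    "2025-09-10 10:01:02 GET /PAL/SearchPopularDocs.aspx q=annual+report 200",
    "2025-09-10 10:01:05 GET /PAL/SearchPopularDocs.aspx q=x%27+OR+1%3D1+-- 200",
    "2025-09-10 10:01:09 GET /PAL/Default.aspx id=42 200",
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE popular_docs (id INTEGER, title TEXT, is_public INTEGER)")
    conn.executemany("INSERT INTO popular_docs VALUES (?, ?, ?)", SAMPLE_DOCS)
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """CWE-89 pattern: the search term is spliced into the SQL text, so a
    quote in the input changes the statement instead of being data."""
    sql = ("SELECT id, title FROM popular_docs WHERE is_public = 1 "
           f"AND title LIKE '%{term}%'")
    return conn.execute(sql).fetchall()


def search_parameterized(conn: sqlite3.Connection, term: str) -> list:
    """Hardened form: the term is bound as a parameter and can only be data,
    whatever characters it contains."""
    sql = ("SELECT id, title FROM popular_docs WHERE is_public = 1 "
           "AND title LIKE ?")
    return conn.execute(sql, (f"%{term}%",)).fetchall()


def read_only_authorizer(action, arg1, arg2, dbname, source):
    """Deny writes and schema changes, mimicking an application database
    account granted SELECT only (defence in depth, mitigation 4)."""
    if action in (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
                  sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE,
                  sqlite3.SQLITE_CREATE_TABLE):
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def least_privilege_conn() -> sqlite3.Connection:
    """Connection restricted the way the application's DB account should be."""
    conn = make_db()
    conn.set_authorizer(read_only_authorizer)
    return conn


def attempt_delete(conn: sqlite3.Connection) -> str:
    """Return 'allowed' or 'denied' for a DELETE issued through conn."""
    try:
        conn.execute("DELETE FROM popular_docs")
        return "allowed"
    except sqlite3.Error:
        return "denied"


# Heuristic for log review (mitigation 5): quote characters, SQL comment
# openers, statement separators and UNION SELECT inside a search parameter.
SQLI_PATTERN = re.compile(r"""['"]|--|;|/\*|\bunion\s+select\b""", re.IGNORECASE)


def flag_suspicious_requests(log_lines) -> list:
    """Return (timestamp, parameter, decoded value) for requests to
    SearchPopularDocs.aspx whose parameters match SQLI_PATTERN."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 6:
            continue
        date, time, _method, path, query = parts[:5]
        if not path.lower().endswith("searchpopulardocs.aspx"):
            continue
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                if SQLI_PATTERN.search(value):
                    flagged.append((f"{date} {time}", name, value))
    return flagged


if __name__ == "__main__":
    probe = "x' OR 1=1 --"
    print("vulnerable   :", search_vulnerable(make_db(), probe))
    print("parameterized:", search_parameterized(make_db(), probe))
    print("DELETE via least-privilege account:", attempt_delete(least_privilege_conn()))
    print("flagged log entries:", flag_suspicious_requests(SAMPLE_LOG))
```

With the probe input, the concatenating version returns every row, including the non-public document, while the parameterized version treats the same input as a literal pattern and returns nothing. The authorizer shows why mitigation 4 matters even before a patch is available: a SELECT-only account turns a destructive statement into a denied one. The log heuristic is deliberately narrow (quotes, comment markers, separators, UNION SELECT) so that ordinary search terms are not flagged; it is a starting point for review, not a substitute for a WAF rule set.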
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-09-02T21:00:53.965Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c09a1b9ed239a66bacd6e0
Added to database: 9/9/2025, 9:20:27 PM
Last enriched: 9/17/2025, 12:43:36 AM
Last updated: 10/30/2025, 1:58:44 AM
Related Threats
- CVE-2025-62257: CWE-307 Improper Restriction of Excessive Authentication Attempts in Liferay Portal (Medium)
- CVE-2025-9954: CWE-862 Missing Authorization in Drupal Acquia DAM (Unknown)
- CVE-2025-12466: CWE-288 Authentication Bypass Using an Alternate Path or Channel in Drupal Simple OAuth (OAuth2) & OpenID Connect (Unknown)
- CVE-2025-12083: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal CivicTheme Design System (Unknown)
- CVE-2025-12082: CWE-863 Incorrect Authorization in Drupal CivicTheme Design System (Unknown)