CVE-2025-61998 is a cross-site scripting vulnerability classified under CWE-79 affecting OPEXUS FOIAXpress versions prior to 11.13.3.0. The flaw arises from improper neutralization of input during web page generation within the Technical Support Hyperlink Manager feature. Specifically, an administrative user can inject arbitrary JavaScript or other executable content as part of a URL. When other users subsequently click the maliciously crafted hyperlink, the injected script executes within their browser context, effectively running with the privileges of the victim user. This enables the attacker to perform unauthorized actions such as stealing session cookies, harvesting user credentials, or accessing sensitive information that the victim user can access. The vulnerability requires that the attacker already has administrative privileges to insert the malicious link and that the victim user interacts by clicking the link. The CVSS v4.0 score is 4.8 (medium severity), reflecting the need for privileges and user interaction but also the potential impact on confidentiality and integrity. No public exploits or active exploitation campaigns have been reported to date. The vulnerability does not affect the system’s availability directly but can lead to significant data compromise if exploited. The lack of a patch link suggests that a fix may be pending or recently released. Organizations using FOIAXpress should audit administrative user activities and review hyperlink content for malicious injections.

For European organizations, the impact of this vulnerability can be significant, especially for those handling sensitive or regulated information through FOIAXpress, a tool commonly used for Freedom of Information Act (FOIA) request management and document processing. Successful exploitation could lead to unauthorized disclosure of confidential data, including personal data protected under GDPR, thereby risking regulatory penalties and reputational damage. The ability to hijack sessions or steal credentials could facilitate further lateral movement within the organization’s network, escalating the threat beyond the initial vulnerability. However, the requirement for administrative privileges to inject malicious content limits the attack surface to insider threats or compromised admin accounts. User interaction is also necessary, which may reduce the likelihood of widespread automated exploitation but does not eliminate targeted phishing or social engineering risks. Organizations with large user bases or multiple administrative users face higher risk due to increased chances of malicious link exposure. The vulnerability could also undermine trust in FOIAXpress as a secure platform for managing sensitive information, impacting operational continuity and compliance.

To mitigate CVE-2025-61998, European organizations should implement the following specific measures: 1) Immediately restrict administrative privileges to the minimum necessary personnel and enforce strong authentication mechanisms, such as multi-factor authentication (MFA), to reduce the risk of admin account compromise. 2) Conduct thorough audits of all hyperlinks managed via the Technical Support Hyperlink Manager to detect and remove any suspicious or unauthorized JavaScript injections. 3) Educate users about the risks of clicking unknown or unexpected links, especially those originating from internal administrative sources. 4) Monitor logs for unusual administrative activities or hyperlink modifications that could indicate exploitation attempts. 5) Apply any available patches or updates from OPEXUS as soon as they are released; if no patch is currently available, consider implementing web application firewalls (WAFs) with custom rules to detect and block malicious script injections in URLs. 6) Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. 7) Segregate FOIAXpress administrative interfaces from general user environments to limit exposure. 8) Regularly review and update security policies related to FOIAXpress usage and administrative controls.