9.8
CVE-2026-25894
- EPSS 0.76%
- Veröffentlicht 09.02.2026 22:28:46
- Zuletzt bearbeitet 13.02.2026 20:33:42
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Frangoteam ≫ Fuxa Version < 1.2.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.504 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 9.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
https://github.com/frangoteam/FUXA/releases/tag/v1.2.10
https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg
https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d