QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25893

Published: Feb 9, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has been patched in FUXA version 1.2.10.

Vendor	Product	Versions
frangoteam	FUXA	affected `< 1.2.10`

Weaknesses (CWE)

References

https://github.com/frangoteam/FUXA/security/advisories/GHSA-vwcg-c828-9822

x_refsource_CONFIRM

https://github.com/frangoteam/FUXA/commit/fe82348d160904d0013b9a3e267d50158f5c7afb

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.