QwikSec

Security Database

CVE

CWE

Training

CVE-2026-25894

Published: Feb 9, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.

Vendor	Product	Versions
frangoteam	FUXA	affected `< 1.2.10`

Weaknesses (CWE)

References

https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg

x_refsource_CONFIRM

https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d

x_refsource_MISC

https://github.com/frangoteam/FUXA/releases/tag/v1.2.10

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.