CVE-2026-25751
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Summary
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| frangoteam | FUXA | < 1.2.10 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
- CWE-312: CWE-312: Cleartext Storage of Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx
- https://github.com/frangoteam/FUXA/releases/tag/v1.2.10
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.