Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-25894
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-09 Feb, 2026 | 22:28
Updated At-11 Feb, 2026 | 21:25
Rejected At-
▼CVE Numbering Authority (CNA)
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.

Affected Products
Vendor
frangoteam
Product
FUXA
Versions
Affected
  • < 1.2.10
Problem Types
TypeCWE IDDescription
CWECWE-321CWE-321: Use of Hard-coded Cryptographic Key
CWECWE-1188CWE-1188: Insecure Default Initialization of Resource
Type: CWE
CWE ID: CWE-321
Description: CWE-321: Use of Hard-coded Cryptographic Key
Type: CWE
CWE ID: CWE-1188
Description: CWE-1188: Insecure Default Initialization of Resource
Metrics
VersionBase scoreBase severityVector
4.09.5CRITICAL
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 9.5
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg
x_refsource_CONFIRM
https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d
x_refsource_MISC
https://github.com/frangoteam/FUXA/releases/tag/v1.2.10
x_refsource_MISC
Hyperlink: https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d
Resource:
x_refsource_MISC
Hyperlink: https://github.com/frangoteam/FUXA/releases/tag/v1.2.10
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found