← Volver a CVEs
CVE-2025-69981
CRITICAL9.8
Descripcion
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/3/2026
Ultima modificacion2/11/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
frangoteam:fuxa
Debilidades (CWE)
CWE-434CWE-434
Referencias
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.