CVE-2026-25751

HIGH

7.5

Beschreibung

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht2/6/2026

Zuletzt geandert2/10/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

frangoteam:fuxa

Schwachen (CWE)

CWE-306CWE-312

Referenzen

https://github.com/frangoteam/FUXA/releases/tag/v1.2.10(security-advisories@github.com)

https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx(security-advisories@github.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.