CVE-2025-69970

CVSS v3.1

9.3

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7

Description The software initializes with authentication disabled due to the 'secureEnabled' flag being commented out in the 'server/settings.default.js' file. This allows unauthenticated remote attackers to access sensitive ''API endpoints'', modify projects, and control industrial equipment immediately after installation.

Recommendations Ensure the 'secureEnabled' flag is uncommented in the 'server/settings.default.js' file to enable authentication.

Fix

XSS

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188CWE-79CWE-306

Related Identifiers

CVE-2025-69970

GHSA-R5M2-FQCF-QRF7

Affected Products

Fuxa

CVE-2025-69970

Weakness Enumeration

Related Identifiers

Affected Products

References · 7