PT-2026-5980 · Fuxa · Fuxa

Published 2026-02-03 · Updated 2026-02-11 · CVE-2025-69981

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FUXA version 1.2.7

Description

FUXA version 1.2.7 has an Unrestricted File Upload issue in the /api/upload API endpoint. The endpoint does not require authentication, which allows unauthenticated remote attackers to upload arbitrary files. Attackers can exploit this to overwrite critical system files, like the SQLite user database, to obtain administrative access, or upload malicious scripts to execute arbitrary code. The vulnerable parameter is the file uploaded to the /api/upload endpoint.

Recommendations

Apply a fix or update to address the unrestricted file upload issue in the /api/upload API endpoint. Implement authentication mechanisms for the /api/upload endpoint to prevent unauthorized file uploads.

Fix

Unrestricted File Upload

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2025-69981
GHSA-7G56-FWXJ-CM23

Affected Products

Fuxa