CVE-2026-25751

CVSS v4.0

9.1

Critical

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions FUXA versions through 1.2.9

Description An information disclosure issue in FUXA allows a remote, unauthenticated attacker to obtain sensitive administrative database credentials. Exploitation allows an attacker to access the full system configuration, including administrative credentials for the InfluxDB database. This access may allow an attacker to read, modify, or delete historical process data, or cause a Denial of Service by corrupting the database. This affects all deployments, including those with runtime.settings.secureEnabled set to true.

Recommendations Update to FUXA version 1.2.10 or later.

Exploit

Fix

DoS

Cleartext Storage of Sensitive Information

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312CWE-306

Related Identifiers

CVE-2026-25751

GHSA-C5GQ-4H56-4MMX

Affected Products

Fuxa

Influxdb

CVE-2026-25751

Weakness Enumeration

Related Identifiers

Affected Products

References · 10