CVE-2026-25752

Name of the Vulnerable Software and Affected Versions FUXA versions through 1.2.9

Description FUXA is a web-based Process Visualization software. An authorization bypass allows a remote attacker to modify device tags via WebSockets. Exploitation bypasses role-based access controls, enabling attackers to overwrite device tags or disable communication drivers, potentially manipulating physical processes and disconnected devices. The runtime.settings.secureEnabled setting does not prevent exploitation.

Recommendations Update to version 1.2.10 or later.