PT-2026-7185 · Fuxa · Fuxa

Wodzen · Published 2026-02-05 · Updated 2026-03-07 · CVE-2026-25894

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FUXA versions through 1.2.9

Description

FUXA is a web-based Process Visualization software. An insecure default configuration allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This occurs when authentication is enabled, but the administrator JWT secret is not configured. Exploitation involves forging JWTs to bypass authentication mechanisms and obtain administrative access. With elevated privileges, an attacker can interact with administrative APIs to execute arbitrary code within the FUXA service, potentially leading to full system compromise and impacting connected ICS/SCADA environments.

Recommendations

Update FUXA to version 1.2.10.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-25894
GHSA-32CC-X95P-FXCG

Affected Products

Fuxa