PT-2026-7187 · Fuxa · Fuxa
H1Dr1 · Published 2026-02-09 · Updated 2026-02-11
CVE-2026-25951
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
FUXA versions prior to 1.2.11
Description
FUXA is web-based process visualization software. A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. Using nested traversal sequences (e.g., ....//), the attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This can lead to Remote Code Execution (RCE) when the server reloads the malicious scripts. The vulnerability is related to insufficient input validation when handling file paths.
Recommendations
Update to version 1.2.11 or later.
Exploit
Fix
RCE
Path traversal
Relative Path Traversal
Incomplete List of Disallowed Inputs
Related Identifiers
Affected Products
Fuxa