CVE-2026-25751
published 2026-02-06CVE-2026-25751: FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote…
PriorityP348high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.27%
18.4th percentile
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| frangoteam | fuxa | < 1.2.10 | 1.2.10 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.09.1CRITICALCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
FUXA Unauthenticated Exposure of Plaintext Database Credentials
osv·2026-02-05
CVE-2026-25751 [CRITICAL] FUXA Unauthenticated Exposure of Plaintext Database Credentials
FUXA Unauthenticated Exposure of Plaintext Database Credentials
### Description
An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
### Impact
This affects all deployments, including those with `runtime.settings.secureEnabled` set to `true`.
Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Servic
GHSA
FUXA Unauthenticated Exposure of Plaintext Database Credentials
ghsa·2026-02-05
CVE-2026-25751 [CRITICAL] CWE-306 FUXA Unauthenticated Exposure of Plaintext Database Credentials
FUXA Unauthenticated Exposure of Plaintext Database Credentials
### Description
An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
### Impact
This affects all deployments, including those with `runtime.settings.secureEnabled` set to `true`.
Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Servic
No detection rules found.
No public exploits indexed.
2026-02-06
Published