CVE-2026-25751
📋 TL;DR
An information disclosure vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to retrieve sensitive administrative database credentials. This affects all FUXA installations through version 1.2.9. Attackers can use these credentials to access, modify, or delete historical process data stored in InfluxDB.
💻 Affected Systems
- FUXA
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of historical process data including reading, modification, deletion, or database corruption leading to operational disruption and potential safety implications in industrial environments.
Likely Case
Unauthorized access to sensitive process data, potential data manipulation, and loss of data integrity in SCADA/HMI systems.
If Mitigated
Limited impact if proper network segmentation and access controls prevent external access to vulnerable systems.
🎯 Exploit Status
The vulnerability allows unauthenticated credential retrieval, making exploitation straightforward once the attack vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.10
Vendor Advisory: https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx
Restart Required: Yes
Instructions:
1. Download FUXA version 1.2.10 from GitHub releases. 2. Stop the FUXA service. 3. Replace existing installation with version 1.2.10. 4. Restart the FUXA service. 5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
allIsolate FUXA systems from untrusted networks and restrict access to authorized IP addresses only.
Firewall Rules
allImplement strict firewall rules to block external access to FUXA web interfaces.
🧯 If You Can't Patch
- Immediately isolate vulnerable systems from all networks, especially internet-facing connections
- Implement strict network access controls and monitor all access attempts to FUXA systems
🔍 How to Verify
Check if Vulnerable:
Check FUXA version via web interface or configuration files. Versions 1.2.9 and earlier are vulnerable.Check Version:
Check FUXA web interface or configuration files for version informationVerify Fix Applied:
Confirm FUXA version is 1.2.10 or later and test that administrative credentials are no longer accessible via unauthenticated requests.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to configuration endpoints
- Unusual database access patterns from unexpected sources
Network Indicators:
- Unusual HTTP requests to FUXA configuration endpoints from external IPs
- Database connection attempts using administrative credentials from unauthorized sources
SIEM Query:
source="FUXA" AND (url_path CONTAINS "/config" OR url_path CONTAINS "/credentials") AND http_status=200 AND auth_status="unauthenticated"