CVE-2026-25752

📋 TL;DR

An authorization bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to modify device tags via WebSockets. This enables attackers to bypass role-based access controls, overwrite arbitrary device tags, or disable communication drivers, potentially manipulating physical processes in connected ICS/SCADA environments. All FUXA installations through version 1.2.9 are affected.

💻 Affected Systems

Products:
  • FUXA
Versions: through version 1.2.9
Operating Systems: All platforms running FUXA
Default Config Vulnerable: ⚠️ Yes
Notes: All FUXA deployments through 1.2.9 are vulnerable regardless of configuration. The vulnerability exists in the WebSocket authorization mechanism.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain unauthorized control over industrial processes, manipulate physical equipment, cause safety incidents, or disrupt critical infrastructure operations through tag manipulation and driver disabling.

🟠 Likely Case

Unauthorized modification of device tags leading to incorrect process visualization, data manipulation, or temporary disruption of HMI communications with field devices.

🟢 If Mitigated

Limited impact with proper network segmentation, WebSocket filtering, and monitoring that detects unauthorized tag modifications before they affect physical processes.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation via WebSockets makes internet-facing instances extremely vulnerable to attack.
🏢 Internal Only: HIGH - Even internally, unauthenticated exploitation allows attackers with network access to bypass all authorization controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory describes specific WebSocket endpoints vulnerable to authorization bypass. While no public PoC exists, the vulnerability is straightforward to exploit given the technical details provided.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.10

Vendor Advisory: https://github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8

Restart Required: Yes

Instructions:

  1. Download FUXA version 1.2.10 from GitHub releases.
  2. Stop the FUXA service.
  3. Replace the existing installation with version 1.2.10.
  4. Restart the FUXA service.
  5. Verify the update by checking the version in the web interface.

🔧 Temporary Workarounds

Network Segmentation and WebSocket Filtering (all platforms)

Restrict WebSocket connections to trusted networks and implement firewall rules to block unauthorized WebSocket traffic to FUXA instances.

Reverse Proxy with Authentication (all platforms)

Place FUXA behind a reverse proxy that requires authentication before forwarding WebSocket connections to the application.

🧯 If You Can't Patch

  • Isolate FUXA instances from untrusted networks and implement strict network access controls
  • Monitor WebSocket traffic for unauthorized tag modification attempts and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check FUXA version in web interface or configuration files. Versions 1.2.9 and earlier are vulnerable.

Check Version:

Check FUXA web interface or examine package/installation version

Verify Fix Applied:

Verify version is 1.2.10 or later in web interface and test that unauthenticated WebSocket connections cannot modify device tags.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized WebSocket connection attempts
  • Device tag modifications from unauthenticated sources
  • Failed authentication events followed by successful tag changes

Network Indicators:

  • WebSocket traffic to FUXA from unauthorized sources
  • Unusual patterns of tag modification requests via WebSocket

SIEM Query:

websocket AND (fuxa OR port:target_port) AND (tag_modification OR unauthorized_access)
