CVE-2026-25894
📋 TL;DR
An insecure default configuration in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to gain administrative access and execute arbitrary code on the server. This affects FUXA versions through 1.2.9 when authentication is enabled but the administrator JWT secret is not configured. Organizations using FUXA for industrial control system visualization are at risk.
💻 Affected Systems
- FUXA
📦 What is this software?
Fuxa by Frangoteam
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the SCADA/HMI server leading to arbitrary code execution, potential control system manipulation, data theft, and lateral movement to other industrial systems.
Likely Case
Unauthenticated attackers gain administrative access to the FUXA interface, allowing them to modify dashboards, access sensitive industrial data, and potentially execute code on the server.
If Mitigated
Attackers cannot gain administrative access or execute code if proper JWT secret configuration is in place or the system is patched.
🎯 Exploit Status
The vulnerability stems from missing JWT secret configuration, making exploitation straightforward for attackers who discover the issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.10
Vendor Advisory: https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg
Restart Required: Yes
Instructions:
1. Download FUXA version 1.2.10 from GitHub releases.
2. Stop the FUXA service.
3. Replace the existing installation with the new version.
4. Restart the FUXA service.
5. Verify the administrator JWT secret is properly configured.
🔧 Temporary Workarounds
Configure JWT Secret
Manually configure a strong administrator JWT secret in the FUXA configuration to prevent unauthorized access.
Edit the FUXA configuration file to set the ADMIN_JWT_SECRET environment variable to a strong random value.
Disable Authentication
Temporarily disable authentication if it is not required, though this reduces security in other ways.
Set authentication to disabled in the FUXA configuration.
🧯 If You Can't Patch
- Isolate FUXA systems behind firewalls with strict network access controls.
- Implement network segmentation to separate FUXA from critical industrial control systems.
🔍 How to Verify
Check if Vulnerable:
Confirm whether the running FUXA version is 1.2.9 or earlier, then check whether authentication is enabled while ADMIN_JWT_SECRET is not set in the configuration.
Check Version:
Check the FUXA web interface or configuration files for version information.
Verify Fix Applied:
Confirm the FUXA version is 1.2.10 or later and that ADMIN_JWT_SECRET is configured with a strong value.
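The verification steps above, encoded as a shell check an operator can run against the facts read off a FUXA host (installed version, whether authentication is enabled, and the ADMIN_JWT_SECRET value). This is an added example, not code from the advisory or from the FUXA project; the 32-character minimum secret length and the helper for generating a replacement secret are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the advisory or the FUXA project): the CVE-2026-25894
# "Check if Vulnerable" logic as reusable shell functions.

# version_le A B -> exit 0 when dotted version A <= B (numeric, 3 components;
# missing components count as 0, prefixes/suffixes like "v" or "-beta" are dropped).
version_le() {
    a=$(printf '%s' "$1" | tr -cd '0-9.').0.0
    b=$(printf '%s' "$2" | tr -cd '0-9.').0.0
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# fuxa_exposed VERSION AUTH_ENABLED SECRET -> 0 = still exposed, 1 = not exposed.
fuxa_exposed() {
    ver=$1; auth=$2; secret=$3
    # 1.2.10 and later carry the official fix.
    version_le "$ver" "1.2.9" || return 1
    # The flaw requires authentication enabled with no admin JWT secret configured.
    [ "$auth" = "true" ] || return 1
    # Workaround check: an unset or short secret counts as "not configured".
    # The 32-character floor is this example's assumption, not a value from the advisory.
    [ "${#secret}" -ge 32 ] && return 1
    return 0
}

# gen_admin_jwt_secret -> 64 hex characters (256 bits) from /dev/urandom,
# usable as the strong random ADMIN_JWT_SECRET the workaround calls for.
gen_admin_jwt_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Usage: sh fuxa_cve_2026_25894_check.sh <version> <true|false> [secret]
# The secret defaults to the ADMIN_JWT_SECRET environment variable.
if [ "$#" -ge 2 ]; then
    if fuxa_exposed "$1" "$2" "${3:-${ADMIN_JWT_SECRET:-}}"; then
        echo "FUXA $1: EXPOSED - update to 1.2.10 or set a strong ADMIN_JWT_SECRET"
        exit 2
    fi
    echo "FUXA $1: not exposed by this check"
fi
```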
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to administrative endpoints
- Unexpected configuration changes in FUXA
Network Indicators:
- Unusual traffic patterns to FUXA administrative endpoints from unauthenticated sources
SIEM Query:
source="FUXA" AND (event_type="admin_access" OR event_type="config_change") AND user="unauthenticated"