Vulnerabilities

CVE-2026-25894 - FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default C...

2026-02-10 0 views admin

CVE ID : CVE-2026-25894 Published : Feb. 9, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10. Severity: 9.5 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-25894

Severity

CRITICAL

Published

Feb. 9, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-25894critical

CVE-2026-25894 - FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default C...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3134 - itsourcecode News Portal Project edit-category.php sql injection

CVE-2026-3133 - itsourcecode Document Management System Login loging.php sql injection

CVE-2025-46320 - FileMaker WebDirect Cross-Site Scripting (XSS)

CVE-2026-21410 - InSAT MasterSCADA BUK-TS SQL Injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting