How to fix CVE-2025-69983?

Within 24 hours: Disable the project import functionality in FUXA or restrict access to trusted administrators only; inventory all FUXA instances across the organization. Within 7 days: Implement network segmentation to limit lateral movement from compromised FUXA instances; review logs for suspicious import activity. Within 30 days: Upgrade to a patched version when available or evaluate alternative solutions; conduct forensic analysis of any instances that processed external project files.

Is Fuxa affected by CVE-2025-69983?

FUXA v1.2.7 contains a critical remote code execution vulnerability in its project import feature that could allow attackers to execute arbitrary code on affected systems.

CVE-2025-69983

CRITICAL

2026-02-03 [email protected]

GHSA-5r63-q8hg-p8qx

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 18:16 nvd

CRITICAL 9.8

Description

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.

Analysis

FUXA v1.2.7 allows remote code execution through the project import functionality by importing crafted project files containing malicious code.

Technical Context

FUXA v1.2.7 does not sanitize project import data (CWE-94), allowing attackers to inject code through crafted project files that executes during import, the fourth critical vulnerability in the FUXA SCADA platform.

Affected Products

['FUXA v1.2.7']

Remediation

Update FUXA urgently. Address all four vulnerabilities. Never expose SCADA/HMI systems to the internet.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +49

POC: 0

CVE-2025-69983 vulnerability details – vuln.today

Back

CVE-2025-69983

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-69983

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code