What is the CVSS score of CVE-2025-69983?

CVE-2025-69983 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Fuxa are affected by CVE-2025-69983?

FUXA v1.2.7 contains a critical remote code execution vulnerability in its project import feature that could allow attackers to execute arbitrary code on affected systems.

How to fix or mitigate CVE-2025-69983?

Within 24 hours: Disable the project import functionality in FUXA or restrict access to trusted administrators only; inventory all FUXA instances across the organization. Within 7 days: Implement network segmentation to limit lateral movement from compromised FUXA instances; review logs for suspicious import activity. Within 30 days: Upgrade to a patched version when available or evaluate alternative solutions; conduct forensic analysis of any instances that processed external project files.

Fuxa CVE-2025-69983

CRITICAL

Code Injection (CWE-94)

2026-02-03 cve@mitre.org

GHSA-5r63-q8hg-p8qx

RCE Fuxa

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 18:16 nvd

CRITICAL 9.8

DescriptionCVE.org

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise.

AnalysisAI

FUXA v1.2.7 allows remote code execution through the project import functionality by importing crafted project files containing malicious code.

Technical ContextAI

FUXA v1.2.7 does not sanitize project import data (CWE-94), allowing attackers to inject code through crafted project files that executes during import, the fourth critical vulnerability in the FUXA SCADA platform.

RemediationAI

Update FUXA urgently. Address all four vulnerabilities. Never expose SCADA/HMI systems to the internet.

CVE-2025-69983 vulnerability details – vuln.today

Back

Fuxa CVE-2025-69983

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code