CVE-2026-25751
HIGH
GHSA-c5gq-4h56-4mmx
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Description
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Analysis
Unauthenticated attackers can retrieve sensitive InfluxDB credentials from FUXA versions through 1.2.9 due to missing authentication controls, enabling direct database access. An attacker exploiting this vulnerability can read, modify, or delete all historical process data and perform denial of service attacks by corrupting the database. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all FUXA deployments and document network exposure; disable external internet access to FUXA instances if possible. Within 7 days: Implement network segmentation (air-gap or firewall rules limiting FUXA access to trusted networks only) and force immediate password rotation for all database credentials accessible through FUXA. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today