What is the CVSS score of CVE-2026-25895?

CVE-2026-25895 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of SCADA are affected by CVE-2026-25895?

FUXA deployments face a critical, unauthenticated remote code execution risk through a path traversal flaw that allows attackers to write arbitrary files to your servers without credentials.. A patch is available.

Is there a public PoC exploit available for CVE-2026-25895?

Yes, a public proof-of-concept exploit is available for CVE-2026-25895. Prioritise patching immediately. EPSS: 0.0%.

SCADA CVE-2026-25895

CRITICAL

Path Traversal (CWE-22)

2026-02-09 security-advisories@github.com

GHSA-88qh-cphv-996c

Path Traversal SCADA Fuxa

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Feb 13, 2026 - 20:32 nvd

Patch available

CVE Published

Feb 09, 2026 - 23:16 nvd

CRITICAL 9.8

DescriptionNVD

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

AnalysisAI

FUXA SCADA has a path traversal vulnerability — ninth critical vulnerability enabling arbitrary file access on SCADA servers.

RemediationAI

Within 24 hours: Identify all FUXA instances and isolate them from untrusted networks; assess for signs of compromise in access logs. Within 7 days: Apply the vendor patch to all FUXA deployments and validate successful installation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-25895 vulnerability details – vuln.today

Back

SCADA CVE-2026-25895

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code