216.73.216.6

CVE-2026-25751

· Published 06/02/2026 19:16 · Modified 06/02/2026 21:57

Labels: CVE-2026-25751 2026-02-06CVE-2026-25751CWE-306[email protected]

Essential information

Published
06/02/2026 19:16
Modified
06/02/2026 21:57
Author
Creator
CVSS
9.1 CRITICAL (v3) 9.1 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fuxa / fuxa cpe:2.3:a:fuxa:fuxa:1.2.9:*:*:*:*:*:*:*
fuxa / fuxa cpe:2.3:a:fuxa:fuxa:1.2.10:*:*:*:*:*:*:*

References