Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.

INFO

Published Date :

2026-02-09T22:24:25.857Z

Last Modified :

2026-02-11T21:24:18.690Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25951 vulnerability.

Vendors Products
Frangoteam
  • Fuxa
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25951.

URL Resource
https://github.com/frangoteam/FUXA/commit/f7a9f04b2ab97ab5421e4ec4e711c51e9f4b65c8 cve-icon cve-icon
https://github.com/frangoteam/FUXA/releases/tag/v1.2.11 cve-icon cve-icon
https://github.com/frangoteam/FUXA/security/advisories/GHSA-68m5-5w2h-h837 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact