cvedb.io
CVE-2025-69970
CRITICAL · CVSS 9.3
EPSS exploitation probability: 0%
Published 2026-02-03T18:16:17.260 · Last modified 2026-06-17T10:00:56.217

Summary

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.

Affected products

frangoteam — fuxa

Does this affect you?

Add your gear to cvedb and we'll alert you only when frangoteam ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.