Cyber Posture

CVE-2025-69983

CriticalRCE

Published: 03 February 2026

Published
03 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0036 58.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69983 is a critical-severity Code Injection (CWE-94) vulnerability in Frangoteam Fuxa. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation and sanitization of user-supplied project files to block malicious scripts and system commands during import.

SC-39 Process Isolation good match
prevent

Mandates process isolation to sandbox execution of imported project scripts, preventing full system compromise even if malicious code executes.

SI-3 Malicious Code Protection good match
preventdetect

Deploys malicious code protection at system entry points like project import to identify and block execution of embedded system commands.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Unauthenticated RCE in public-facing web application (FUXA project import) via unsanitized file upload directly enables T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system…

more

compromise.

Deeper analysisAI

CVE-2025-69983 is a remote code execution (RCE) vulnerability in FUXA version 1.2.7. The flaw exists in the project import functionality, where the application does not properly sanitize or sandbox user-supplied scripts embedded in imported project files. This allows attackers to include malicious scripts with system commands. The vulnerability is associated with CWE-94 and has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Any unauthenticated attacker with network access can exploit this vulnerability by uploading a specially crafted project file containing arbitrary system commands. No user interaction or privileges are required, enabling low-complexity remote exploitation that results in full system compromise, with high impacts on confidentiality, integrity, and availability.

The primary reference points to the vulnerable source code in FUXA's project handling at https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js. No advisories or patches are detailed in the provided information.

Details

CWE(s)
NVD-CWE-noinfoCWE-94

Affected Products

frangoteam
fuxa
1.2.7

CVEs Like This One

CVE-2025-69970Same product: Frangoteam Fuxa
CVE-2026-25938Same product: Frangoteam Fuxa
CVE-2026-25894Same product: Frangoteam Fuxa
CVE-2026-25939Same product: Frangoteam Fuxa
CVE-2026-25893Same product: Frangoteam Fuxa
CVE-2026-25751Same product: Frangoteam Fuxa
CVE-2025-69981Same product: Frangoteam Fuxa
CVE-2025-69971Same product: Frangoteam Fuxa
CVE-2026-25895Same product: Frangoteam Fuxa
CVE-2025-69985Same product: Frangoteam Fuxa

References