Cyber Resilience

CVE-2026-25751

Critical

Published: 06 February 2026

Published
06 February 2026
Modified
10 February 2026
KEV Added
Patch
CVSS Score v4 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0027 18.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-25751 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Frangoteam Fuxa. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-25751 is an information disclosure vulnerability in FUXA, an open-source web-based Process Visualization (SCADA/HMI/Dashboard) software. The flaw allows an unauthenticated remote attacker to retrieve sensitive administrative database credentials, exposing the full system configuration, including credentials for the InfluxDB database. It affects all versions of FUXA through 1.2.9 and has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), linked to CWE-306 (Missing Authentication for Critical Function) and CWE-312 (Cleartext Storage of Sensitive Information).

An unauthenticated attacker with network access can exploit this vulnerability remotely with low complexity, without requiring user interaction or privileges. Successful exploitation grants the full system configuration and InfluxDB administrative credentials, enabling direct authentication to the database service. This allows the attacker to read, modify, or delete all historical process data, or conduct a denial-of-service by corrupting the database.

The issue has been addressed in FUXA version 1.2.10, as detailed in the project's GitHub release notes (https://github.com/frangoteam/FUXA/releases/tag/v1.2.10) and security advisory (https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx). Security practitioners should upgrade to the patched version and review exposed FUXA instances for potential credential compromise.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials…

more

for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Unauthenticated remote exploit of public-facing FUXA web app directly enables T1190; cleartext credential disclosure enables T1552 for subsequent DB access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25938Same product: Frangoteam Fuxa
CVE-2026-25895Same product: Frangoteam Fuxa
CVE-2026-25893Same product: Frangoteam Fuxa
CVE-2025-69983Same product: Frangoteam Fuxa
CVE-2025-69970Same product: Frangoteam Fuxa
CVE-2026-25894Same product: Frangoteam Fuxa
CVE-2026-25939Same product: Frangoteam Fuxa
CVE-2025-69971Same product: Frangoteam Fuxa
CVE-2026-25951Same product: Frangoteam Fuxa
CVE-2025-69981Same product: Frangoteam Fuxa

Affected Assets

frangoteam
fuxa
≤ 1.2.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication before allowing access to the sensitive administrative credential retrieval function that the CVE exploits.

prevent

Requires cryptographic protection of sensitive information (the InfluxDB administrative credentials) at rest, directly mitigating the CWE-312 cleartext storage aspect.

prevent

Mandates secure authenticator management practices that would prevent exposure of database credentials via the unauthenticated endpoint.

References