CVE-2026-25752
Published: 06 February 2026
Summary
CVE-2026-25752 is a critical-severity Missing Authorization (CWE-862) vulnerability in Frangoteam Fuxa. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces role-based access controls, directly preventing the authorization bypass that allows unauthenticated WebSocket modifications to device tags.
Requires timely patching of the specific authorization bypass flaw in FUXA versions through 1.2.9 to version 1.2.10, eliminating the vulnerability.
Implements boundary protection to monitor and control network communications, blocking unauthenticated remote access to the FUXA WebSocket interface.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE directly enables remote, unauthenticated exploitation of a public-facing web/SCADA application (T1190); the resulting tag overwrite and driver-disable actions map to runtime data manipulation (T1565.003) and service stop (T1489).
NVD Description
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and overwrite arbitrary device tags or disable communication drivers, exposing connected ICS/SCADA environments to follow-on actions. This may allow an attacker to manipulate physical processes and disconnect devices from the HMI. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Deeper analysis
CVE-2026-25752 is an authorization bypass vulnerability (CWE-862) in FUXA, an open-source web-based Process Visualization (SCADA/HMI/Dashboard) software. The flaw allows an unauthenticated, remote attacker to bypass role-based access controls and modify device tags via WebSockets. It affects FUXA versions through 1.2.9 and has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), highlighting high integrity and availability impacts with no privileges required.
An unauthenticated attacker with network access to the FUXA instance can exploit this vulnerability to overwrite arbitrary device tags or disable communication drivers. This exposes connected ICS/SCADA environments to follow-on actions, potentially enabling manipulation of physical processes and disconnection of devices from the HMI.
The issue has been addressed in FUXA version 1.2.10, as detailed in the project's GitHub release notes (https://github.com/frangoteam/FUXA/releases/tag/v1.2.10) and security advisory (https://github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8). Security practitioners should upgrade to the patched version and review WebSocket access controls in exposed deployments.
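To make the CWE-862 pattern concrete from the defender's side, the added example below (illustrative code, not FUXA's own implementation) shows a WebSocket control-message dispatcher that applies tag writes and driver enable/disable requests without consulting the session, next to a hardened dispatcher that rejects privileged actions from unauthenticated or unprivileged sessions. The message types, the `operator` role and the in-memory device model are assumptions made for the example.

```javascript
// Added illustration (not FUXA's code): a WebSocket control-message
// dispatcher with and without an authorization check (CWE-862).
// Message types, roles and the device model are assumed for the example.
const PRIVILEGED = new Set(['device-values', 'device-enable']);

// Applies a tag write or driver enable/disable to the in-memory device state.
function applyAction(msg, devices) {
  const dev = devices[msg.device];
  if (!dev) return { ok: false, reason: 'unknown-device' };
  switch (msg.type) {
    case 'device-values': // overwrite one or more device tags
      Object.assign(dev.tags, msg.values);
      return { ok: true };
    case 'device-enable': // enable or disable the communication driver
      dev.enabled = Boolean(msg.enabled);
      return { ok: true };
    default:
      return { ok: false, reason: 'unknown-action' };
  }
}

// Vulnerable pattern: every socket message is applied regardless of whether
// the socket ever authenticated, so an anonymous client can rewrite tags
// or take a driver offline.
function handleMessageVulnerable(session, msg, devices) {
  return applyAction(msg, devices);
}

// Hardened pattern: privileged actions require an authenticated session with
// a role permitted to write; anything else is rejected before state changes.
function handleMessageHardened(session, msg, devices) {
  if (PRIVILEGED.has(msg.type)) {
    if (!session || session.authenticated !== true) {
      return { ok: false, reason: 'unauthenticated' };
    }
    if (!Array.isArray(session.roles) || !session.roles.includes('operator')) {
      return { ok: false, reason: 'forbidden' };
    }
  }
  return applyAction(msg, devices);
}

// Constructed sample state: one PLC with a single setpoint tag.
function makeDevices() {
  return { plc1: { enabled: true, tags: { setpoint: 50 } } };
}
```

The same check belongs on every message type that changes device state, not only on the HTTP routes, since the WebSocket channel is a separate entry point into the same state.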
Details
- CWE(s)