Cyber Resilience

CVE-2026-25752

Severity: Critical
Published: 06 February 2026
Modified: 10 February 2026
KEV Added: not listed
Patch: available (FUXA 1.2.10)
CVSS Score (v4.0): 9.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0048 (37.6th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-25752 is a critical-severity Missing Authorization (CWE-862) vulnerability in Frangoteam Fuxa. Its CVSS v4.0 base score is 9.3 (Critical); the CVSS v3.1 base score is 9.1.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 37.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-25752 is an authorization bypass (CWE-862, Missing Authorization) in FUXA, an open-source web-based Process Visualization (SCADA/HMI/Dashboard) application. The flaw lets an unauthenticated remote attacker bypass role-based access controls and modify device tags over the application's WebSocket channel. It affects FUXA versions through 1.2.9. The CVSS v3.1 base score is 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H): network-reachable, low attack complexity, no privileges or user interaction required, high integrity and availability impact, and no confidentiality impact.

An unauthenticated attacker with network access to the FUXA WebSocket endpoint can overwrite arbitrary device tags or disable communication drivers. This exposes the connected ICS/SCADA environment to follow-on actions: a tag write can manipulate the physical process the HMI controls, and a disabled driver disconnects the device from the HMI.

The issue is fixed in FUXA version 1.2.10, as documented in the project's GitHub release notes (https://github.com/frangoteam/FUXA/releases/tag/v1.2.10) and security advisory (https://github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8). Security practitioners should upgrade to 1.2.10 or later. Where an upgrade cannot be applied immediately, confirm that the WebSocket endpoint is not reachable from untrusted networks and that tag-write and driver-control messages are rejected unless they arrive on an authenticated session whose role permits them.
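To make the bug class concrete, the following is an added illustrative model of a WebSocket-style event dispatcher for an HMI backend, showing the missing-authorization pattern (CWE-862) next to a hardened version that enforces access control server-side (NIST 800-53 AC-3). It is example code written for this page, not FUXA's code: the event names, roles, permission table and in-memory tag store are all assumptions, and the "attack traffic" is a constructed sample.

```javascript
'use strict';

// Constructed sample state standing in for an HMI's device tags and drivers.
function makeState() {
  return {
    tags: { 'plc1.setpoint': 42, 'plc1.pump_run': 0 },
    drivers: { plc1: { enabled: true } },
  };
}

// Assumed role model: what each role may do over the socket.
const ROLE_PERMISSIONS = {
  viewer: new Set(['tags:read']),
  operator: new Set(['tags:read', 'tags:write']),
  admin: new Set(['tags:read', 'tags:write', 'drivers:manage']),
};

// Assumed event names and the permission each one requires.
const EVENT_PERMISSION = {
  'tag:read': 'tags:read',
  'tag:write': 'tags:write',
  'driver:disable': 'drivers:manage',
};

// Applies an event to state. Shared by both dispatchers; does no authorization itself.
function applyEvent(state, msg) {
  switch (msg.event) {
    case 'tag:read':
      return { ok: true, value: state.tags[msg.tag] };
    case 'tag:write':
      if (!(msg.tag in state.tags)) return { ok: false, error: 'unknown tag' };
      state.tags[msg.tag] = msg.value;
      return { ok: true };
    case 'driver:disable':
      if (!(msg.driver in state.drivers)) return { ok: false, error: 'unknown driver' };
      state.drivers[msg.driver].enabled = false;
      return { ok: true };
    default:
      return { ok: false, error: 'unknown event' };
  }
}

// VULNERABLE pattern: every connected socket is trusted. Login may happen on the
// HTTP side, but nothing ties it to this handler, so an anonymous client can
// write tags and stop drivers. `session` is ignored on purpose to show the bug.
function vulnerableDispatch(state, session, msg) {
  return applyEvent(state, msg);
}

// HARDENED pattern (AC-3): deny by default, require an authenticated session,
// and check the event's required permission against the server-side role before
// touching state. Any role the client claims inside the message is never consulted.
function hardenedDispatch(state, session, msg) {
  if (!session || !session.authenticated || !session.role) {
    return { ok: false, error: 'unauthenticated' };
  }
  const needed = EVENT_PERMISSION[msg.event];
  if (!needed) return { ok: false, error: 'unknown event' };
  const granted = ROLE_PERMISSIONS[session.role];
  if (!granted || !granted.has(needed)) return { ok: false, error: 'forbidden' };
  return applyEvent(state, msg);
}

// Replays the same constructed anonymous attack traffic through a dispatcher and
// reports whether the attacker managed to change process state.
function runScenario(dispatch) {
  const state = makeState();
  const anonymous = { authenticated: false }; // socket that never logged in
  const attack = [
    { event: 'tag:write', tag: 'plc1.setpoint', value: 999, role: 'admin' }, // claimed role must be ignored
    { event: 'driver:disable', driver: 'plc1' },
  ];
  const results = attack.map((msg) => dispatch(state, anonymous, msg));
  return {
    results,
    setpointChanged: state.tags['plc1.setpoint'] !== 42,
    driverStopped: !state.drivers.plc1.enabled,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', JSON.stringify(runScenario(vulnerableDispatch)));
  console.log('hardened:', JSON.stringify(runScenario(hardenedDispatch)));
}
```

The point of the hardened version is where the check lives: on every message, in the server, keyed off a session the server established, rather than on the HTTP login alone or on anything the client sends. Reads are denied to anonymous sockets too, so the allowlist of events is the only way state is reached.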

Vulnerability details

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and overwrite arbitrary device tags or disable communication drivers, exposing connected ICS/SCADA environments to follow-on actions. This may allow an attacker to manipulate physical processes and disconnect devices from the HMI. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

CWE(s)

CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1489 Service Stop (tactic: Impact)
Adversaries may stop or disable services on a system to render those services unavailable to legitimate users.

T1565.003 Runtime Data Manipulation (tactic: Impact)
Adversaries may modify systems in order to manipulate the data as it is accessed and displayed to an end user, thus threatening the integrity of the data.
Why these techniques?

The CVE directly enables remote, unauthenticated exploitation of a public-facing web/SCADA application (T1190). Of the resulting actions, overwriting device tags maps to Runtime Data Manipulation (T1565.003) and disabling communication drivers maps to Service Stop (T1489).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25939 (same product: Frangoteam Fuxa)
CVE-2026-25893 (same product: Frangoteam Fuxa)
CVE-2025-69983 (same product: Frangoteam Fuxa)
CVE-2026-25938 (same product: Frangoteam Fuxa)
CVE-2025-69970 (same product: Frangoteam Fuxa)
CVE-2026-25894 (same product: Frangoteam Fuxa)
CVE-2025-69971 (same product: Frangoteam Fuxa)
CVE-2026-25951 (same product: Frangoteam Fuxa)
CVE-2026-25895 (same product: Frangoteam Fuxa)
CVE-2026-25751 (same product: Frangoteam Fuxa)

Affected Assets

Vendor: frangoteam
Product: fuxa
Affected versions: ≤ 1.2.9 (fixed in 1.2.10)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)
Enforces role-based access control server-side on every WebSocket message, directly preventing the authorization bypass that lets unauthenticated clients modify device tags or disable drivers.

Flaw remediation (prevent)
Requires timely patching of the authorization bypass in FUXA versions through 1.2.9 by upgrading to version 1.2.10, eliminating the vulnerability.

SC-7 Boundary Protection (prevent)
Implements boundary protection to monitor and control network communications, so that the FUXA WebSocket interface is reachable only from trusted operator networks and unauthenticated remote access from elsewhere is blocked.
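As an added example of the SC-7 boundary check, the following code gates a WebSocket upgrade on the client's source network, the compensating control for deployments that cannot upgrade immediately. It is example code written for this page, not FUXA's code or a FUXA configuration: the request shape, the policy object, the operator VLAN range and the proxy address are all assumptions. Note the handling of X-Forwarded-For, which is honoured only when the TCP peer is a listed reverse proxy; otherwise a remote client could forge an operator-network address in the header and walk through the allowlist.

```javascript
'use strict';

// Parses a dotted-quad IPv4 address into an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// Parses "a.b.c.d/bits" (a bare address means /32) into network and mask integers.
function parseCidr(cidr) {
  const [base, bitsStr] = String(cidr).split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const baseInt = ipv4ToInt(base);
  if (baseInt === null || !Number.isInteger(bits) || bits < 0 || bits > 32) {
    throw new Error('bad CIDR: ' + cidr);
  }
  const mask = bits === 0 ? 0 : ((0xffffffff << (32 - bits)) >>> 0);
  return { network: (baseInt & mask) >>> 0, mask };
}

// True when `ip` falls inside `cidr`; malformed addresses never match.
function ipInCidr(ip, cidr) {
  const n = ipv4ToInt(ip);
  if (n === null) return false;
  const { network, mask } = parseCidr(cidr);
  return ((n & mask) >>> 0) === network;
}

// Decides whether to complete the WebSocket handshake. `req` is a minimal model of
// the incoming HTTP upgrade request: { remoteAddress, headers } with lowercase header
// names. `policy` lists the client networks allowed to reach the HMI socket and the
// reverse proxies whose X-Forwarded-For header may be believed.
function shouldAcceptUpgrade(req, policy) {
  const headers = req.headers || {};
  if (String(headers.upgrade || '').toLowerCase() !== 'websocket') {
    return { allow: false, client: req.remoteAddress, reason: 'not a WebSocket upgrade' };
  }
  let client = req.remoteAddress;
  const viaTrustedProxy = policy.trustedProxies.some((c) => ipInCidr(client, c));
  const xff = headers['x-forwarded-for'];
  if (viaTrustedProxy && xff) client = String(xff).split(',')[0].trim(); // leftmost hop
  if (ipv4ToInt(client) === null) {
    return { allow: false, client, reason: 'unparseable client address' };
  }
  if (!policy.allowedClients.some((c) => ipInCidr(client, c))) {
    return { allow: false, client, reason: 'outside operator networks' };
  }
  return { allow: true, client, reason: 'operator network' };
}

// Constructed policy: only the plant's operator VLAN may open the HMI socket, and
// X-Forwarded-For is trusted only from the single reverse proxy in front of the HMI.
const EXAMPLE_POLICY = {
  allowedClients: ['10.10.0.0/16'],
  trustedProxies: ['10.10.1.1/32'],
};

if (typeof require !== 'undefined' && require.main === module) {
  const ws = { upgrade: 'websocket' };
  console.log(JSON.stringify(shouldAcceptUpgrade({ remoteAddress: '10.10.5.7', headers: ws }, EXAMPLE_POLICY)));
  console.log(JSON.stringify(shouldAcceptUpgrade({ remoteAddress: '203.0.113.9', headers: ws }, EXAMPLE_POLICY)));
}
```

In a real deployment this check belongs on whatever terminates the socket (the reverse proxy or the Node process's upgrade handler); the point is that it runs before the handshake completes, so an unauthenticated client from outside the operator network never reaches the message handlers at all.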

References

https://github.com/frangoteam/FUXA/releases/tag/v1.2.10 (FUXA v1.2.10 release notes)
https://github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8 (GitHub security advisory)