Vulnerability Details CVE-2026-25893
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has been patched in FUXA version 1.2.10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-25893
- cpe:2.3:a:frangoteam:fuxa:1.0.0
- cpe:2.3:a:frangoteam:fuxa:1.0.1
- cpe:2.3:a:frangoteam:fuxa:1.0.10
- cpe:2.3:a:frangoteam:fuxa:1.0.11
- cpe:2.3:a:frangoteam:fuxa:1.0.2
- cpe:2.3:a:frangoteam:fuxa:1.0.3
- cpe:2.3:a:frangoteam:fuxa:1.0.4
- cpe:2.3:a:frangoteam:fuxa:1.0.5
- cpe:2.3:a:frangoteam:fuxa:1.0.6
- cpe:2.3:a:frangoteam:fuxa:1.0.7
- cpe:2.3:a:frangoteam:fuxa:1.0.8
- cpe:2.3:a:frangoteam:fuxa:1.0.9
- cpe:2.3:a:frangoteam:fuxa:1.1.01
- cpe:2.3:a:frangoteam:fuxa:1.1.10
- cpe:2.3:a:frangoteam:fuxa:1.1.11
- cpe:2.3:a:frangoteam:fuxa:1.1.12
- cpe:2.3:a:frangoteam:fuxa:1.1.13
- cpe:2.3:a:frangoteam:fuxa:1.1.14
- cpe:2.3:a:frangoteam:fuxa:1.1.2
- cpe:2.3:a:frangoteam:fuxa:1.1.3
- cpe:2.3:a:frangoteam:fuxa:1.1.4
- cpe:2.3:a:frangoteam:fuxa:1.1.5
- cpe:2.3:a:frangoteam:fuxa:1.1.6
- cpe:2.3:a:frangoteam:fuxa:1.1.7
- cpe:2.3:a:frangoteam:fuxa:1.1.8
- cpe:2.3:a:frangoteam:fuxa:1.1.9