Security Advisory

CVE-2026-25752

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-06 19:05:57

Last updated 2026-02-09 15:28:27

Assigner GitHub_M

State PUBLISHED

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and overwrite arbitrary device tags or disable communication drivers, exposing connected ICS/SCADA environments to follow-on actions. This may allow an attacker to manipulate physical processes and disconnected devices from the HMI. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

← Browse all CVEs View on cve.org ↗