Security Advisory

CVE-2026-25951

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-09 22:24:25

Last updated 2026-02-11 21:24:18

Assigner GitHub_M

State PUBLISHED

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.

← Browse all CVEs View on cve.org ↗