CVE-2026-25895
🟠 Patch this week
A vulnerability in FUXA allows a remote attacker to write arbitrary files on the server.
CVSS
9.8
EPSS
2.7%
Exploit
none
Vendor
frangoteam
Source description (NVD)
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
path-traversal
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 2.7% |
| Published (NVD) | 2026-02-09 23:16:05 UTC |
| Last modified (NVD) | 2026-06-17 10:25:23 UTC |
References
- https://github.com/frangoteam/FUXA/commit/22c2192f5d9beef8a787c45eff3a14c24dbb5f96 (security-advisories@github.com) [Patch]
- https://github.com/frangoteam/FUXA/releases/tag/v1.2.10 (security-advisories@github.com) [Release Notes]
- https://github.com/frangoteam/FUXA/security/advisories/GHSA-88qh-cphv-996c (security-advisories@github.com) [Vendor Advisory]