{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T10:51:06.910","vulnerabilities":[{"cve":{"id":"CVE-2026-25751","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T19:16:10.163","lastModified":"2026-02-10T14:33:38.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10."},{"lang":"es","value":"FUXA es un software de visualización de procesos (SCADA/HMI/Dashboard) basado en web. Una vulnerabilidad de revelación de información en FUXA permite a un atacante remoto no autenticado recuperar credenciales administrativas sensibles de la base de datos. La explotación permite a un atacante remoto no autenticado obtener la configuración completa del sistema, incluyendo las credenciales administrativas para la base de datos InfluxDB. La posesión de estas credenciales puede permitir a un atacante autenticarse directamente en el servicio de la base de datos, permitiéndole leer, modificar o eliminar todos los datos históricos del proceso, o realizar una denegación de servicio corrompiendo la base de datos. Esto afecta a FUXA hasta la versión 1.2.9. Este problema ha sido parcheado en la versión 1.2.10 de FUXA."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.10","matchCriteriaId":"5811902D-CD7C-4D52-BD99-66EACBBB88FC"}]}]}],"references":[{"url":"https://github.com/frangoteam/FUXA/releases/tag/v1.2.10","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}