CVE-2026-25894: CWE-321: Use of Hard-coded Cryptographic Key in frangoteam FUXA
CVE-2026-25894 is a critical vulnerability in frangoteam's FUXA, a web-based SCADA/HMI/dashboard software. Versions prior to 1.2.10 suffer from an insecure default configuration where the administrator JWT secret is hard-coded or not properly configured. This flaw allows unauthenticated remote attackers to gain administrative access and execute arbitrary code on the server without user interaction. The vulnerability stems from the use of hard-coded cryptographic keys (CWE-321) and insecure default configurations (CWE-1188). Although no known exploits are currently in the wild, the CVSS 4.0 score of 9.5 reflects its critical severity. The issue has been patched in version 1.
AI Analysis
Technical Summary
CVE-2026-25894 is a critical security vulnerability affecting frangoteam's FUXA software, a web-based process visualization tool commonly used in SCADA, HMI, and dashboard environments. The vulnerability arises from the use of hard-coded cryptographic keys (CWE-321) and insecure default configurations (CWE-1188) related to the administrator JWT secret. Specifically, in versions prior to 1.2.10, when authentication is enabled but the administrator JWT secret is not properly configured, an attacker can exploit this flaw remotely without authentication or user interaction. By leveraging the hard-coded or default JWT secret, the attacker can forge valid administrator tokens, thereby gaining full administrative access to the FUXA server. This elevated access enables execution of arbitrary code on the server, potentially allowing attackers to manipulate industrial control processes, disrupt operations, or exfiltrate sensitive data. The vulnerability has a CVSS 4.0 base score of 9.5, indicating critical severity, with high impact on confidentiality, integrity, and availability. Although no exploits have been observed in the wild yet, the ease of exploitation and the critical nature of the affected systems make this a significant threat. The issue was addressed and patched in FUXA version 1.2.10, which properly requires administrators to configure a secure JWT secret, eliminating the risk of token forgery. Organizations using FUXA should prioritize upgrading to the patched version and review their authentication configurations to ensure no default or hard-coded secrets remain. Network segmentation and access controls around FUXA interfaces can further reduce exposure. This vulnerability highlights the risks of insecure default configurations and the critical importance of secure cryptographic key management in industrial software.
Potential Impact
The impact of CVE-2026-25894 on European organizations is substantial, particularly those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors where FUXA is deployed for process visualization and control. Successful exploitation allows unauthenticated attackers to gain administrative privileges and execute arbitrary code on the server hosting FUXA. This can lead to unauthorized manipulation of industrial processes, causing operational disruptions, safety hazards, and potential physical damage. Confidentiality of sensitive operational data and intellectual property may be compromised, and integrity of control commands can be undermined, risking incorrect or malicious process control. Availability of critical monitoring and control dashboards may be affected, leading to downtime or delayed incident response. Given the criticality of industrial control systems in Europe’s economy and infrastructure, such compromises could have cascading effects on supply chains and public safety. The vulnerability’s ease of exploitation without authentication or user interaction increases the risk of rapid and widespread attacks if left unpatched. European organizations may also face regulatory and compliance repercussions if the vulnerability leads to data breaches or operational failures.
Mitigation Recommendations
To mitigate CVE-2026-25894, European organizations should immediately upgrade FUXA installations to version 1.2.10 or later, where the vulnerability is patched by enforcing proper JWT secret configuration. Prior to upgrading, administrators must audit their current JWT secret settings to ensure no default or hard-coded secrets are in use. If upgrading is not immediately feasible, organizations should restrict network access to FUXA interfaces using firewalls, VPNs, or network segmentation to limit exposure to untrusted networks. Implement strict access controls and monitoring on servers running FUXA to detect any unauthorized access attempts. Employ intrusion detection systems tuned to identify anomalous JWT token usage or administrative access patterns. Regularly review and update cryptographic keys and secrets to follow best practices for key management. Additionally, conduct security awareness training for operational technology teams to recognize and respond to potential exploitation attempts. Finally, integrate FUXA security posture into broader industrial cybersecurity frameworks and incident response plans to ensure rapid containment and remediation if exploitation occurs.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-06T21:08:39.130Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698a63b84b57a58fa17688d5
Added to database: 2/9/2026, 10:46:16 PM
Last enriched: 2/9/2026, 11:01:32 PM
Last updated: 2/9/2026, 11:56:59 PM