CVE-2026-25951: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in frangoteam FUXA
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.
AI Analysis
Technical Summary
CVE-2026-25951 is a path traversal vulnerability (CWE-22) in frangoteam's FUXA, a web-based process visualization tool used for SCADA, HMI and dashboard front ends. Before version 1.2.11 the path sanitization logic does not correctly handle nested traversal sequences such as '....//'. The characteristic weakness behind this kind of bypass is a filter that strips '../' in a single, non-recursive pass: removing the inner '../' from '....//' leaves '../' behind, so the input passes the check while the traversal survives. An authenticated attacker with administrative privileges can use this to write files outside the intended directory, including into 'runtime/scripts'. A script planted there runs when the server reloads its scripts, which turns the file write into remote code execution on the SCADA/HMI host.

Exploitation requires no user interaction and is reachable over the network, but it does require administrative-level authentication, so the realistic attackers are malicious insiders and anyone who has obtained admin credentials (phished, reused, default or leaked). The advisory carries a CVSS 4.0 base score of 8.6, reflecting high impact on confidentiality, integrity and availability: code execution with the privileges of the FUXA process amounts to full compromise of the host. The fix is in FUXA 1.2.11. No public exploit or active exploitation campaign had been reported at the time of this analysis. The issue matters most in industrial control environments, where code execution on the HMI server can translate into operational disruption and safety risk.
Potential Impact
For European organizations the impact is significant, particularly for operators of critical infrastructure, manufacturing plants and utilities that rely on FUXA for process visualization and control. Successful exploitation gives an attacker arbitrary code execution on the SCADA/HMI server, from which industrial processes can be disrupted, operator views and operational data manipulated, and downtime caused. That in turn can mean safety hazards, financial loss and regulatory exposure under NIS2 and, where personal data is involved, GDPR. Because exploitation requires administrative privileges, the realistic threat is a malicious insider or an external attacker who has already obtained an admin account; the vulnerability then converts that account into host-level compromise. Given the role of SCADA systems in energy, transport and manufacturing, the flaw is a substantial risk to operational technology security and business continuity in Europe.
Mitigation Recommendations
1. Upgrade every FUXA installation to 1.2.11 or later and confirm the running version afterwards. Patching closes the write path but does not remove files an attacker may already have planted: review runtime/scripts (and any other directory the server loads code from) for scripts you did not author before trusting the upgraded instance.
2. Restrict access to the FUXA administrative interface with network segmentation, VPN access or zero-trust controls so it is not reachable from general-purpose networks or the internet.
3. Require multi-factor authentication for every administrative account, so that a stolen or reused password alone is not enough to reach this code path.
4. Audit user privileges regularly and remove administrative rights that are not needed; the fewer admin accounts exist, the fewer credentials can be turned into this attack.
5. Monitor the server filesystem, especially runtime/scripts, with file integrity monitoring: baseline the directory and alert on any file created or changed outside a planned deployment.
6. Where a web application firewall or reverse proxy fronts FUXA, add rules for traversal patterns and make sure they match the nested and percent-encoded variants: a rule that only looks for the literal string '../' misses '....//', which is exactly the input this flaw needs.
7. Log administrative actions and file writes, and alert on anomalous ones, such as uploads whose target names contain traversal sequences or that land outside the expected directories.
8. Prepare and exercise an incident response plan specific to SCADA/HMI compromise so that containment and recovery are fast.
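For the detection side of the recommendations above, an added example (not FUXA code; the endpoint names, the log format and the log lines are constructed for the demo) of logic that canonicalises request targets before looking for traversal, so the nested and percent-encoded variants a literal '../' rule would miss are caught:

```javascript
// Added example (not FUXA's code): detection of nested and percent-encoded
// traversal sequences in request targets, run over constructed access-log
// lines. A rule that matches only the literal string "../" misses "....//",
// the input shape this advisory describes; this detector canonicalises first.
// Endpoint names and the log format below are made up for the demo.

// Bounded repeated percent-decoding: catches %2e%2e%2f and double encoding
// without looping forever on malformed input; backslashes count as separators.
function canonicalise(s) {
  let out = s;
  for (let i = 0; i < 3; i++) {
    let decoded;
    try { decoded = decodeURIComponent(out); } catch (e) { break; }
    if (decoded === out) break;
    out = decoded;
  }
  return out.replace(/\\/g, '/');
}

// A path segment consisting only of dots (two or more) is either a real
// traversal ("..") or material a strip-once filter would turn into one ("....").
function traversalReason(value) {
  for (const seg of canonicalise(value).split('/')) {
    if (/^\.{2,}$/.test(seg)) {
      return `dot-only segment "${seg}"` + (seg.length > 2 ? ' (nested traversal)' : '');
    }
  }
  return null;
}

// Check the request path and every query-string value.
function findTraversal(target) {
  const [pathPart, query = ''] = target.split('?', 2);
  const r = traversalReason(pathPart);
  if (r) return { where: 'path', reason: r };
  for (const pair of query.split('&').filter(Boolean)) {
    const [k, v = ''] = pair.split('=', 2);
    const qr = traversalReason(v);
    if (qr) return { where: `query:${k}`, reason: qr };
  }
  return null;
}

// Minimal common-log-format parser (constructed format, not a FUXA log).
const LINE_RE = /^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/;

function scanLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue;
    const [, client, user, when, method, target, status] = m;
    const hit = findTraversal(target);
    if (hit) hits.push({ client, user, when, method, target, status, ...hit });
  }
  return hits;
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 - admin [17/Feb/2026:09:18:18 +0000] "POST /api/upload?name=....//runtime/scripts/evil.js HTTP/1.1" 200 12',
  '10.0.0.7 - operator [17/Feb/2026:09:19:01 +0000] "GET /api/views/plant.json HTTP/1.1" 200 4096',
  '10.0.0.5 - admin [17/Feb/2026:09:19:20 +0000] "POST /api/upload?name=%252e%252e%252fruntime%252fscripts%252fevil.js HTTP/1.1" 200 12',
  '10.0.0.5 - admin [17/Feb/2026:09:19:30 +0000] "GET /api/files/..%5c..%5cruntime/scripts HTTP/1.1" 404 0',
  '10.0.0.9 - - [17/Feb/2026:09:20:00 +0000] "GET /static/dots...png HTTP/1.1" 200 10',
];

for (const h of scanLog(SAMPLE_LOG)) {
  console.log(`${h.when} ${h.client} ${h.user} ${h.method} ${h.target} -> ${h.where}: ${h.reason}`);
}
```

The three flagged lines are the nested '....//' upload, the double-encoded '../' upload and the backslash-encoded path; the normal view fetch and the file whose name merely contains dots are not flagged. The decode loop is bounded on purpose, and the dot-only-segment rule is deliberately broader than "contains ../" because the advisory's point is that a filter which only recognises the canonical form is what lets the nested form through.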
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-09T17:13:54.065Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698a63b84b57a58fa17688df
Added to database: 2/9/2026, 10:46:16 PM
Last enriched: 2/17/2026, 9:18:18 AM
Last updated: 3/27/2026, 4:21:04 AM