CVE 9.3 CRITICAL

CVE-2025-69970_CVE-2025-69970

February 5, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.

AI Analysis

Insecure default configuration vulnerability allowing unauthenticated access to sensitive API endpoints and control of industrial equipment

Basic Information

ID CVE-2025-69970

Source mitre

Published Feb 3, 2026 at 00:00

Modified Feb 5, 2026 at 14:55

Affected Product

Vendor Frangoteam

Product FUXA

Version 1.2.7

Affected Versions n/a n/a n/a

CWE Classification

CWE-79

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Frangoteam

Product FUXA

Version 1.2.7

References

github.com /frangoteam/FUXA/blob/master/server/settings.default.js

{
    "lastseen": "",
    "description": "FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.",
    "published": "2026-02-03T00:00:00.000Z",
    "modified": "2026-02-05T14:55:33.537Z",
    "type": "cve",
    "title": "CVE-2025-69970",
    "source": "mitre",
    "references": "https://github.com/frangoteam/FUXA/blob/master/server/settings.default.js",
    "id": "CVE-2025-69970",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FUXA",
    "version": "1.2.7",
    "vendor": "Frangoteam",
    "ai_description": "Insecure default configuration vulnerability allowing unauthenticated access to sensitive API endpoints and control of industrial equipment",
    "ai_severity": "Critical",
    "ai_vendor": "Frangoteam",
    "ai_product": "FUXA",
    "ai_version": "1.2.7",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply