CVE-2026-25895

CRITICAL

FUXA < 1.2.10 - Unauthenticated Path Traversal and Arbitrary File Write

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-25895. PoCs published by Anthony Cihan, adminlove520 and Hann1bl3L3ct3r.

AI-analyzed exploit summary

This exploit demonstrates an unauthenticated path traversal vulnerability in FUXA <= 1.2.9, allowing arbitrary file writes and remote code execution (RCE). The vulnerability stems from the `/api/upload` endpoint lacking authentication middleware and improperly handling the `destination` parameter, enabling directory traversal attacks.

Description

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.

Exploits (3)

exploitdb · WORKING POC
by Anthony Cihan · python · webapps · multiple
https://www.exploit-db.com/exploits/52568

This exploit demonstrates an unauthenticated path traversal vulnerability in FUXA <= 1.2.9, allowing arbitrary file writes and remote code execution (RCE). The vulnerability stems from the `/api/upload` endpoint lacking authentication middleware and improperly handling the `destination` parameter, enabling directory traversal attacks.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FUXA <= 1.2.9
No auth needed
Prerequisites: Network access to the target FUXA instance · FUXA process must have write permissions to the target file path
devstral-2 · analyzed May 22, 2026
github · WORKING POC · 4 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-25895

The repository contains a functional Python exploit for CVE-2026-25895, targeting an unauthenticated path traversal vulnerability in FUXA <= 1.2.9. The exploit demonstrates arbitrary file write and remote code execution via multiple techniques, including cron job injection and webshell installation.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FUXA <= 1.2.9
No auth needed
Prerequisites: Network access to the target · FUXA service running on default or known port
devstral-2 · analyzed May 14, 2026
github · WORKING POC
by Hann1bl3L3ct3r · python · poc
https://github.com/Hann1bl3L3ct3r/FUXAPWN

The repository contains a functional Python exploit for CVE-2026-25895, an unauthenticated path traversal vulnerability in FUXA <= 1.2.9. The exploit leverages a flawed endpoint to achieve arbitrary file writes and remote code execution via multiple post-exploitation techniques.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FUXA <= 1.2.9
No auth needed
Prerequisites: Network access to the target · FUXA service running on default or known port
devstral-2 · analyzed Apr 25, 2026

Scores

CVSS v3.1 9.8
EPSS 0.0267 (2.67%)
EPSS Percentile 83.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none (CISA's value at enrichment time; it predates the three public PoCs tracked above)
Automatable no
Technical Impact total

Details

CWE
CWE-22 (Path Traversal) · CWE-306 (Missing Authentication for Critical Function)
Status published
Products (2)
frangoteam/fuxa < 1.2.10
npm/fuxa-server 0 - 1.2.10 (npm)
Published Feb 09, 2026
Tracked Since Feb 18, 2026