1. Home
  2. CVE Database
  3. CVE-2025-69970
CRITICAL · 9.3

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with aut...

Vulnerability Description

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
FrangoteamFuxa1.2.7

Related Weaknesses (CWE)

CWE-1188

References

FAQ

What is CVE-2025-69970?

CVE-2025-69970 is a vulnerability with a CVSS score of 9.3 (CRITICAL). FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with aut...

How severe is CVE-2025-69970?

CVE-2025-69970 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-69970?

Check the references section above for vendor advisories and patch information. Affected products include: Frangoteam Fuxa.