Vulnerability Description
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frangoteam | Fuxa | <= 1.2.8 |
Related Weaknesses (CWE)
References
- https://gist.github.com/lihy10/8cb2dd65ebf1385f12a7e00e25a50d40ExploitThird Party Advisory
- https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.jsProduct
FAQ
What is CVE-2025-69985?
CVE-2025-69985 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trust...
How severe is CVE-2025-69985?
CVE-2025-69985 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-69985?
Check the references section above for vendor advisories and patch information. Affected products include: Frangoteam Fuxa.