UNKNOWN npm

FUXA contains an insecure default configuration vulnerability

GHSA-r5m2-fqcf-qrf7 · CVE-2025-69970

Published · Modified

Description

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API endpoints, modify projects, and control industrial equipment immediately after installation.
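A way to check a deployment for this condition, as an added example (not code from FUXA or from this advisory): it reports whether `secureEnabled` is live in a settings file or only present inside a comment. Only the key name comes from the advisory; the sample file contents and the function names are constructed for illustration.

```javascript
// Added example: audit settings source text for an active `secureEnabled` flag.
// Comments are dropped and string literals blanked, so a commented-out or
// quoted `secureEnabled: true` is never mistaken for a live setting.
function stripCommentsAndStrings(src) {
  let out = '';
  let i = 0;
  while (i < src.length) {
    const c = src[i], n = src[i + 1];
    if (c === '"' || c === "'" || c === '`') {        // string literal: blank it
      let j = i + 1;
      while (j < src.length && src[j] !== c) j += src[j] === '\\' ? 2 : 1;
      out += "''";
      i = j + 1;
    } else if (c === '/' && n === '/') {              // line comment: skip to EOL
      while (i < src.length && src[i] !== '\n') i++;
    } else if (c === '/' && n === '*') {              // block comment: skip to */
      const end = src.indexOf('*/', i + 2);
      i = end === -1 ? src.length : end + 2;
    } else {
      out += c;
      i++;
    }
  }
  return out;
}

// Returns 'enabled', 'disabled' (explicitly false) or
// 'missing' (key absent or commented out, the state the advisory describes).
function auditSecureEnabled(src) {
  const m = /\bsecureEnabled\s*:\s*(true|false)\b/.exec(stripCommentsAndStrings(src));
  if (!m) return 'missing';
  return m[1] === 'true' ? 'enabled' : 'disabled';
}

// Constructed sample inputs (not the real FUXA file contents).
const SAMPLE_DEFAULT = `module.exports = {
    // Enables authentication
    //secureEnabled: true,
    exampleOption: 'value // not a comment',
};`;
const SAMPLE_HARDENED = `module.exports = {
    secureEnabled: true, /* secureEnabled: false */
};`;

console.log(auditSecureEnabled(SAMPLE_DEFAULT));   // commented-out flag
console.log(auditSecureEnabled(SAMPLE_HARDENED));  // live flag
```

To audit a real installation, pass the text of the settings file the server actually loads, for example `auditSecureEnabled(require('fs').readFileSync(path, 'utf8'))`, and treat any result other than `enabled` as a finding.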
