Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

GHSA-2r8f-cf6w-x5vq · CVE-2025-69971

Published Feb 3, 2026 · Modified May 11, 2026

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references.

Original Description

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-69971
PACKAGE https://github.com/frangoteam/FUXA
WEB https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes