CVE-2025-69985 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: February 25, 2026
FUXA - Authentication Bypass & Remote Code Execution
Overview
FUXA <= 1.2.8 contains an authentication bypass caused by improper trust of the HTTP Referer header in the server/api/jwt-helper.js middleware, which lets remote unauthenticated attackers execute arbitrary Node.js code via the /api/runscript endpoint.
Severity & Score
Impact
Remote unauthenticated attackers can execute arbitrary code on the server, leading to full system compromise.
Mitigation
Update to the latest version of FUXA.
References
Social Media Activity (2 posts)
CVE-2025-69985 - Critical (9.8) FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate interna... https://www.thehackerwire.com/vulnerability/CVE-2025-69985/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
GitHub Repositories (1 repo)
Related Resources
Details
- CVE ID: CVE-2025-69985
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_authentication
- Status: unconfirmed
- EPSS: 53.8%
- Social Posts: 2
CWE
- CWE-288
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H