Home / Vulnerability Intelligence / CVE-2025-69985

CVE-2025-69985 - Vulnerability Analysis

N/a

Last Updated: February 24, 2026

FUXA - Authentication Bypass & Remote Code Execution

Published: February 24, 2026Updated: February 24, 2026PoC Available

Overview

FUXA <= 1.2.8 contains an authentication bypass caused by improper trust of the HTTP Referer header in server/api/jwt-helper.js middleware, letting remote unauthenticated attackers execute arbitrary Node.js code via /api/runscript endpoint.

Severity & Score

Severity: N/a

Impact

Remote unauthenticated attackers can execute arbitrary code on the server, leading to full system compromise.

Mitigation

Update to the latest version of FUXA.

References

https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js
https://gist.github.com/lihy10/8cb2dd65ebf1385f12a7e00e25a50d40

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-69985
Severity: N/a
Type: broken_authentication
Status: unconfirmed

CVSS Metrics

N/A