CVE-2025-69971 · CRITICAL 9.8 · EPSS p78.6%

Description

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.04% probability of exploitation · percentile 78.6% · 2026-06-19T12:03:05Z
Published: 2026-02-03
Last modified: 2026-02-28

Underlying weaknesses · 1

CWE-798

References

  1. https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js

Type: Weakness · Target: Use of Hard-coded Credentials cwe-798 · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-69970
  2. CVE-2025-69985
  3. CVE-2026-25894
  4. CVE-2025-69981
  5. CVE-2026-25893
  6. CVE-2025-69983

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.