CVE-2025-69985

CVSS 9.8 CRITICALEPSS 5.6%CWE-288

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 5.6%KEV nãoPoC públicaPatch —

Lifecycle

10 Apr 2025Public PoC

24 Feb 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 4

githubgithub.com/joshuavanderpoll/CVE-2025-69985★ 2 githubgithub.com/tianarsamm/CVE-2025-69985★ 0 githubgithub.com/kaleth4/CVE-2025-69985★ 0 exploitdbwww.exploit-db.com/exploits/52544unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/lihy10/8cb2dd65ebf1385f12a7e00e25a50d40 https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js