logo

Database

Sensitive information in source code In fuxa-server

Description

Duplicate Advisory: FUXA contains a hard-coded credential vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c8m8-3jcr-6rj5. This link is maintained to preserve external references.

Original Description

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. NVD-2025-699712. GCVE-GHSA-2r8f-cf6w-x5vq

References

1. https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.