logo

Database

Authentication mechanism absence or evasion In fuxa-server

Description

FUXA contains an Unrestricted File Upload vulnerability FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2025-699812. NVD-2025-699813. OSV-2025-699814. GCVE-2025-69981

References

1. https://github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js#L193

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.