VYPR
High severity · OSV Advisory · Published Feb 3, 2026 · Updated Feb 28, 2026

CVE-2025-69971

Description

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
@frangoteam/fuxa (npm) | < 1.3.0 | 1.3.0

Affected products

  • Range: untagged-fb3c7751ca725cb671dd, v.1.1.18, v1.0.0, …
