Title: FUXA Unauthenticated Remote Code Execution via Heartbeat Refresh API Severity: Critical Affected versions: <= 1.2.9 Patched versions: 1.2.10 CVE ID: CVE-2026-25893 Description: - An authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. - This affects FUXA through version 1.2.9 when authentication is enabled. - The issue has been patched in FUXA version 1.2.10. Impact: - An unauthenticated, remote attacker can bypass all authentication mechanisms and execute arbitrary code, potentially leading to full system compromise. Patches: - Users are strongly encouraged to update to version 1.2.10. Weaknesses: - CWE-285 (Improper Access Control) - CWE-287 (Improper Authentication)