CVE-2025-69971

{"id": "CVE-2025-69971", "cveTags": [], "metrics": {}, "published": "2026-02-03T18:16:17.370", "references": [{"url": "https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js", "source": "cve@mitre.org"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access."}], "lastModified": "2026-02-03T18:16:17.370", "sourceIdentifier": "cve@mitre.org"}