CVE-2026-25939 is a CVSS 9.8 missing authorization flaw in FUXA SCADA/HMI versions 1.2.8 through 1.2.10 that allows unauthenticated remote attackers to create and modify operational schedulers, directly enabling industrial process manipulation. It is actively listed in the CISA Known Exploited Vulnerabilities catalog and has a public proof-of-concept exploit. Patch to FUXA version 1.2.11 immediately or isolate from all network access.