CVE-2025-56513
Published: 30 September 2025
Summary
CVE-2025-56513 is a critical-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Nicehash Quickminer. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 32.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2025-56513 is a critical vulnerability in NiceHash QuickMiner version 6.12.0, where the software performs automatic updates over HTTP without validating digital signatures or performing hash checks on downloaded files. This flaw, classified under CWE-494 (Download of Code Without Integrity Check), allows attackers to compromise the update mechanism, enabling the delivery and execution of malicious executables. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to the lack of authentication or integrity verification in the update pipeline.
An attacker capable of intercepting or redirecting network traffic to the update URL—such as through man-in-the-middle attacks on unsecured networks—can hijack the process and substitute legitimate updates with arbitrary executables. These malicious files are automatically executed by the miner software without user interaction, resulting in full remote code execution on the victim's system. No privileges or physical access are required, making it exploitable by remote adversaries over the network with low complexity.
References to the vulnerability include detailed analyses in Medium posts by researcher @princep49036142, which describe the auto-update pipeline's insecurity but do not specify official patches or vendor advisories at the time of publication on 2025-09-30.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31754
Vulnerability details
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically…
more
executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector. NOTE: the Supplier reports that the existence of an http://update.nicehash.com URL is a fabrication, and that there is no other use of HTTP (rather than HTTPS).
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure auto-update over HTTP with no integrity verification directly enables client-side exploitation for code execution (T1203) via malicious file ingress and automatic execution (T1105).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires cryptographic integrity verification of software/firmware before execution, blocking the unsigned malicious update download in this CVE.
Mandates use of signed components for software updates, directly countering the missing digital signature validation that enables RCE via hijacked HTTP downloads.
Requires cryptographic protection of transmitted data integrity, preventing MITM interception and tampering of the update payload over HTTP.