CVE-2025-56513
Published: 30 September 2025
Summary
CVE-2025-56513 is a critical-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Nicehash Quickminer. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 32.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-7 mandates integrity verification mechanisms like digital signatures or hashes for software updates, directly preventing execution of tampered executables downloaded without validation as in this CVE.
SC-8 requires cryptographic protections for transmission integrity and confidentiality, mitigating man-in-the-middle hijacking of HTTP-based updates exploited in this CVE.
CM-14 enforces the use of digitally signed components for software, ensuring update executables are verified before automatic execution as required to counter this vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure auto-update over HTTP with no integrity verification directly enables client-side exploitation for code execution (T1203) via malicious file ingress and automatic execution (T1105).
NVD Description
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically…
more
executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector.
Deeper analysisAI
CVE-2025-56513 is a critical vulnerability in NiceHash QuickMiner version 6.12.0, where the software performs automatic updates over HTTP without validating digital signatures or performing hash checks on downloaded files. This flaw, classified under CWE-494 (Download of Code Without Integrity Check), allows attackers to compromise the update mechanism, enabling the delivery and execution of malicious executables. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to the lack of authentication or integrity verification in the update pipeline.
An attacker capable of intercepting or redirecting network traffic to the update URL—such as through man-in-the-middle attacks on unsecured networks—can hijack the process and substitute legitimate updates with arbitrary executables. These malicious files are automatically executed by the miner software without user interaction, resulting in full remote code execution on the victim's system. No privileges or physical access are required, making it exploitable by remote adversaries over the network with low complexity.
References to the vulnerability include detailed analyses in Medium posts by researcher @princep49036142, which describe the auto-update pipeline's insecurity but do not specify official patches or vendor advisories at the time of publication on 2025-09-30.
Details
- CWE(s)