CVE-2025-63224

CriticalPublic PoC

Published: 19 November 2025

Published

19 November 2025

Modified

15 January 2026

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0014 33.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-63224 is a critical-severity Improper Authentication (CWE-287) vulnerability in Itel Idenc Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-2 Identification and Authentication (Organizational Users) good match

prevent

Implements unique identification and authentication mechanisms for users, directly preventing authentication bypass vulnerabilities from improper JWT validation.

SC-23 Session Authenticity good match

prevent

Ensures communications session authenticity and uniqueness, mitigating JWT token reuse across devices akin to session fixation.

IA-5 Authenticator Management good match

prevent

Mandates proper management, distribution, and validation of authenticators like JWT tokens to prevent cross-device exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a critical authentication bypass in a network-accessible (AV:N) public-facing device application, enabling remote attackers to exploit improper JWT validation for unauthorized administrative access, directly mapping to Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device…

running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

Deeper analysisAI

CVE-2025-63224 is an authentication bypass vulnerability in the Itel DAB Encoder (IDEnc build 25aec8d) stemming from improper JWT validation. This flaw affects devices running the same firmware, allowing JWT tokens to be shared across instances regardless of differing passwords or networks. Associated with CWE-287 (Improper Authentication) and CWE-384 (Session Fixation), it has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no prerequisites, and high impact on confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this vulnerability. By obtaining a valid JWT token from one affected device, they can reuse it to authenticate and escalate to administrative access on any other device with the same firmware. This enables full compromise of targeted devices.

References for further details include vulnerability research at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63224_Itel%20DAB%20Encoder%20Authentication%20Bypass and the vendor site at https://www.itel.it/. The CVE was published on 2025-11-19T16:15:48.450.