Cyber Resilience

CVE-2025-63224

CriticalPublic PoC

Published: 19 November 2025

Published
19 November 2025
Modified
15 January 2026
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0014 33.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-63224 is a critical-severity Improper Authentication (CWE-287) vulnerability in Itel Idenc Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-63224 is an authentication bypass vulnerability in the Itel DAB Encoder (IDEnc build 25aec8d) stemming from improper JWT validation. This flaw affects devices running the same firmware, allowing JWT tokens to be shared across instances regardless of differing passwords or networks. Associated with CWE-287 (Improper Authentication) and CWE-384 (Session Fixation), it has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no prerequisites, and high impact on confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this vulnerability. By obtaining a valid JWT token from one affected device, they can reuse it to authenticate and escalate to administrative access on any other device with the same firmware. This enables full compromise of targeted devices.

References for further details include vulnerability research at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63224_Itel%20DAB%20Encoder%20Authentication%20Bypass and the vendor site at https://www.itel.it/. The CVE was published on 2025-11-19T16:15:48.450.

EU & UK References

Vulnerability details

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device…

more

running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a critical authentication bypass in a network-accessible (AV:N) public-facing device application, enabling remote attackers to exploit improper JWT validation for unauthorized administrative access, directly mapping to Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-63216Same vendor: Itel
CVE-2025-63217Same vendor: Itel
CVE-2025-63529Shared CWE-384
CVE-2025-52689Shared CWE-384
CVE-2025-71279Shared CWE-287
CVE-2024-13804Shared CWE-287
CVE-2026-23796Shared CWE-384
CVE-2024-57046Shared CWE-287
CVE-2026-1203Shared CWE-287
CVE-2026-1740Shared CWE-287

Affected Assets

itel
idenc firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements unique identification and authentication mechanisms for users, directly preventing authentication bypass vulnerabilities from improper JWT validation.

prevent

Ensures communications session authenticity and uniqueness, mitigating JWT token reuse across devices akin to session fixation.

prevent

Mandates proper management, distribution, and validation of authenticators like JWT tokens to prevent cross-device exploitation.

References