CVE-2025-63224 | The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to … | CVSS 10.0 CRITICAL

Description

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

Metadata

CVE ID: CVE-2025-63224
State: PUBLISHED
Assigner: mitre
Reserved: 2025-10-27 00:00 UTC
Published: 2025-11-19 00:00 UTC
Last updated: 2025-11-19 16:22 UTC
Primary CWE: CWE-287
CWE-287 Improper Authentication
Vendor / Product: n/a / n/a
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
n/a	n/a	—	n/a

Weakness (CWE)

CWE	Source	Description
—	cna	n/a
CWE-287	adp	CWE-287 Improper Authentication
CWE-384	adp	CWE-384 Session Fixation

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (2)