Login Sign Up

CVE-2025-63216

10.0 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to bypass authentication on Itel DAB Gateway devices by reusing a valid JWT token from one device to gain administrative access to any other device running the same firmware. This leads to full compromise of affected devices. All users of Itel DAB Gateway with build c041640a are affected.

💻 Affected Systems

Products:
  • Itel DAB Gateway
Versions: Build c041640a
Operating Systems: Embedded/Linux-based
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware build are vulnerable regardless of configuration.

📦 What is this software?

Idgateway Firmware by Itel

View all CVEs affecting Idgateway Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete takeover of all affected devices across an organization, allowing data theft, network pivoting, and deployment of persistent malware.

🟠

Likely Case

Unauthorized administrative access to multiple devices, enabling configuration changes, data access, and potential lateral movement.

🟢

If Mitigated

Limited to isolated devices with strict network segmentation and monitoring.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can easily exploit them remotely.
🏢 Internal Only: HIGH - Even internally, attackers with network access can compromise multiple devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires obtaining a valid JWT token from any vulnerable device first, but once obtained, bypass is trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.itel.it/

Restart Required: No

Instructions:

Check vendor website for firmware updates. If available, download and apply the patched firmware version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate network segments to limit lateral movement.

Access Control Lists

all

Implement strict firewall rules to limit device access to authorized IPs only.

🧯 If You Can't Patch

  • Immediately disconnect affected devices from networks until patched.
  • Monitor network traffic to/from devices for unusual authentication patterns.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI. If build is c041640a, device is vulnerable.

Check Version:

Check device documentation for version command, typically via web interface at device IP.

Verify Fix Applied:

Verify firmware version has been updated to a version later than c041640a.

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication attempts with same JWT token across different devices
  • Administrative access from unexpected IP addresses

Network Indicators:

  • Unusual authentication traffic patterns between devices
  • JWT tokens being reused across device boundaries

SIEM Query:

source="itel-dab-gateway" AND (event_type="auth" AND jwt_token_count > 1) OR (src_ip != expected_admin_ip AND action="admin_access")

📊 Metadata

CVE ID: CVE-2025-63216
CVSS v3 Score: 10.0 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-287
EPSS Score: 0.17% exploit probability (38.4th percentile)
Published: November 18, 2025
Last Updated: January 15, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63216, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)