CVE-2025-63224

10.0 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass authentication on Itel DAB Encoder devices by reusing a valid JWT token from one device to gain administrative access to any other device running the same firmware. This leads to full compromise of affected devices regardless of individual device passwords or network configurations. All devices running IDEnc build 25aec8d are affected.

💻 Affected Systems

Products:
  • Itel DAB Encoder
Versions: IDEnc build 25aec8d
Operating Systems: Embedded/Linux-based systems running the encoder firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware build are vulnerable regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all affected devices across an organization, allowing attackers to manipulate audio encoding, exfiltrate data, or use devices as footholds for lateral movement.

🟠 Likely Case

Unauthorized administrative access to DAB encoder devices, enabling configuration changes, service disruption, or data interception.

🟢 If Mitigated

Limited impact if devices are isolated in secure network segments with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly compromised without authentication.
🏢 Internal Only: HIGH - Once an attacker gains access to one device token, they can compromise all internal devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires obtaining a valid JWT token from any vulnerable device first, but token reuse is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.itel.it/

Restart Required: Yes

Instructions:

1. Contact Itel for firmware updates.
2. Apply updated firmware to all devices.
3. Restart devices after patching.
4. Rotate all JWT tokens.

🔧 Temporary Workarounds

Network Segmentation (scope: all)

Isolate DAB encoder devices in separate VLANs with strict firewall rules limiting access to authorized management systems only.

JWT Token Monitoring (scope: all)

Implement monitoring to detect unusual JWT token usage patterns across devices.

🧯 If You Can't Patch

  • Implement strict network access controls to limit device communication to only necessary systems.
  • Deploy network monitoring to detect anomalous authentication attempts and token reuse patterns.

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or SSH: look for IDEnc build 25aec8d in version information.

Check Version:

ssh admin@device-ip 'cat /etc/version' or check web interface system info

Verify Fix Applied:

Verify firmware version has changed from 25aec8d and test that JWT tokens cannot be reused across devices.

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication successes with same JWT token across different devices
  • Administrative actions from unexpected IP addresses

Network Indicators:

  • HTTP requests with JWT tokens to multiple device IPs
  • Unusual administrative traffic patterns

SIEM Query:

source="dab-encoder-logs" AND (event_type="auth_success" AND jwt_token=*) | stats dc(dest_ip) AS device_count by jwt_token | where device_count > 1

The query counts distinct destination devices per token rather than rows per token/device pair, so a user logging into the same device twice is not flagged, while one token accepted by two or more devices is.
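The same detection as the SIEM query, as an added example that is not part of the advisory or the vendor's tooling: group successful authentications by a token fingerprint and flag any token accepted by more than one device IP. The log lines are constructed, and the field names (event_type, dest_ip, src_ip, jwt_token) are assumed to match the query above.

```python
import hashlib
from collections import defaultdict

# Constructed sample log lines (not real device output). Field names follow the
# SIEM query (event_type, dest_ip, jwt_token); src_ip is an assumed extra field.
# Token "AAA" is accepted by two different devices, which is the reuse pattern.
SAMPLE_LOGS = [
    "event_type=auth_success dest_ip=10.0.5.11 src_ip=10.0.9.2 jwt_token=eyJhbGciOiJIUzI1NiJ9.AAA.sig1",
    "event_type=auth_success dest_ip=10.0.5.11 src_ip=10.0.9.2 jwt_token=eyJhbGciOiJIUzI1NiJ9.AAA.sig1",
    "event_type=auth_success dest_ip=10.0.5.12 src_ip=10.0.9.2 jwt_token=eyJhbGciOiJIUzI1NiJ9.BBB.sig2",
    "event_type=auth_success dest_ip=10.0.5.13 src_ip=198.51.100.7 jwt_token=eyJhbGciOiJIUzI1NiJ9.AAA.sig1",
    "event_type=auth_failure dest_ip=10.0.5.14 src_ip=198.51.100.7 jwt_token=eyJhbGciOiJIUzI1NiJ9.AAA.sig1",
]


def parse_line(line):
    """Split a key=value log line into a dict; fields without '=' are skipped."""
    fields = {}
    for part in line.split():
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields


def token_fingerprint(token):
    """Stable identifier for a token so alerts never carry the bearer token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:16]


def find_cross_device_tokens(lines):
    """Return {fingerprint: sorted device IPs} for every token accepted by more
    than one device. Counting distinct dest_ip per token (not rows per
    token/device pair) is what separates reuse from a normal repeat login."""
    devices_by_token = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        # Only successful logins show that a device honoured the token.
        if ev.get("event_type") != "auth_success" or "jwt_token" not in ev:
            continue
        if "dest_ip" not in ev:
            continue
        devices_by_token[token_fingerprint(ev["jwt_token"])].add(ev["dest_ip"])
    return {fp: sorted(ips) for fp, ips in devices_by_token.items() if len(ips) > 1}


if __name__ == "__main__":
    for fp, ips in find_cross_device_tokens(SAMPLE_LOGS).items():
        print(f"token {fp} accepted by {len(ips)} devices: {', '.join(ips)}")
```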
