CVE-2025-56513
BaseFortify
Publication date: 2025-09-30
Last updated on: 2026-05-11
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nicehash | quickminer | 6.12.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-494 | The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
AI Powered Q&A
Can you explain this vulnerability to me?
NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or performing hash checks. An attacker who can intercept or redirect the update traffic can therefore hijack the update process and deliver arbitrary executables that are automatically executed, leading to full remote code execution. Essentially, it is a critical supply chain attack vector.
How can this vulnerability impact me?
This vulnerability can lead to an attacker executing arbitrary code on your system remotely by hijacking the software update process. This could result in full compromise of the affected system, including unauthorized access, data theft, or further malware installation.