CVE-2025-63216
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| itel | dab_gateway | c041640a |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Itel DAB Gateway (IDGat build c041640a) is an Authentication Bypass caused by improper JWT validation. This means that an attacker who obtains a valid JWT token from one device can reuse that token to authenticate and gain administrative access to any other device running the same firmware, regardless of differing passwords or network settings.
How can this vulnerability impact me? :
This vulnerability allows an attacker to fully compromise affected devices by gaining administrative access without proper authentication. This could lead to unauthorized control over the devices, potentially resulting in data breaches, device manipulation, or disruption of services.