CVE-2025-63216

Published: Nov 18, 2025Modified: Jan 15, 2026

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

Affected (1)

Products: Itel: Idgateway Firmware

1 product

Idgateway Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Itel Idgateway Firmware	All versions

Running on/with	Platform Versions
Itel Idgateway	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (2)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63216_Itel%20DAB%20Gateway%20Authentication%20Bypass

Source: cve@mitre.org

ExploitThird Party AdvisoryMitigation

https://www.itel.it/

Source: cve@mitre.org

Product

Timeline

No history available yet.