CVE-2025-63217

Published: Nov 18, 2025Modified: Jan 15, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.

Affected (1)

Products: Itel: Id Mux Firmware

1 product

Id Mux Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Itel Id Mux Firmware	All versions

Running on/with	Platform Versions
Itel Id Mux	All versions

Related CWEs

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63217%20_%20Itel%20DAB%20MUX%20Authentication%20Bypass

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.itel.it/

Source: cve@mitre.org

Product

Timeline

No history available yet.