PT-2025-47471 · Itel · Itel Dab Encoder

Published: 2025-11-19 · Updated: 2025-11-24 · CVE-2025-63224

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Itel DAB Encoder version 25aec8d

Description

The Itel DAB Encoder (IDEnc build 25aec8d) has a flaw in how it verifies JSON Web Tokens (JWTs). This allows an attacker who has a valid JWT from one device to use it to gain administrative access to any other device running the same firmware, regardless of the passwords or network configurations. This can lead to a complete compromise of the affected devices. The issue stems from improper JWT validation across devices.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
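
One way a verifier can refuse tokens minted by another unit, as an added example that is not Itel's code and not part of this advisory. It assumes HS256 tokens, a signing key generated on each device, and an `aud` claim carrying a device ID; the advisory does not state the root cause, and every name and sample value below is constructed.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, claims: dict) -> str:
    """Mint an HS256 JWT (stand-in for the device's login endpoint)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(key, head + '.' + body))}"

def verify(token: str, device_key: bytes, device_id: str, now=None):
    """Return the claims only if the token was minted by and for this device."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError:                      # wrong part count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None                         # pin the algorithm; rejects "none"
    if not hmac.compare_digest(_sign(device_key, head + "." + body), given):
        return None                         # not signed with this device's key
    if not isinstance(claims, dict) or claims.get("aud") != device_id:
        return None                         # valid signature, but for another device
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return None                         # missing or expired
    return claims

# Constructed sample data: two devices running the same firmware build.
NOW = 1_700_000_000
KEY_A, KEY_B = b"per-device-key-A", b"per-device-key-B"   # generated on each device
ADMIN_ON_A = {"sub": "admin", "aud": "device-A", "exp": NOW + 600}

def demo() -> dict:
    token = issue(KEY_A, ADMIN_ON_A)
    shared = b"same-key-on-every-unit"      # assumed weak design, for contrast
    return {
        "A accepts its own token": verify(token, KEY_A, "device-A", NOW) is not None,
        "B rejects A's token (key)": verify(token, KEY_B, "device-B", NOW) is None,
        "B rejects A's token (aud)": verify(issue(shared, ADMIN_ON_A), shared, "device-B", NOW) is None,
    }
```

The third check shows why the audience binding matters even if the signing key turns out to be common to every unit: the signature verifies, but the token is still refused because it names a different device.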

Exploit

Weakness Enumeration

Improper Authentication

Session Fixation

Related Identifiers

CVE-2025-63224

Affected Products

Itel Dab Encoder