CVE-2025-56513 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redir…
Critical CVSS: 9.8

CVE-2025-56513

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector.
Vendor
Nicehash
Product
Quickminer
CWE
CWE-494
Yayın Tarihi
2025-09-30 18:15:50
Güncelleme
2025-10-15 18:39:09
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-494 Quickminer CRITICAL Nicehash 2025

Referanslar

https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b https://medium.com/@princep49036142/hijacking-the-miner-zero-click-rce-in-nicehash-quickminer-cve-2025-56513-4a7190295e6c https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b