CVE-2025-56513

CRITICAL

NiceHash QuickMiner 6.12.0 - Remote Code Execution via Unauthenticated Update Hijacking

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56513. PoCs published by psycho-prince.

AI-analyzed exploit summary CVE-2025-56513 is a critical supply-chain vulnerability in NiceHash QuickMiner v6.12.0, allowing remote code execution via MITM attacks due to unencrypted HTTP update delivery and lack of integrity checks.

Description

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector. NOTE: the Supplier reports that the existence of an http://update.nicehash.com URL is a fabrication, and that there is no other use of HTTP (rather than HTTPS).

Exploits (1)

nomisec WRITEUP
by psycho-prince · poc
https://github.com/psycho-prince/CVE-2025-56513-NiceHash-Update-Chain-Compromise

CVE-2025-56513 is a critical supply-chain vulnerability in NiceHash QuickMiner v6.12.0, allowing remote code execution via MITM attacks due to unencrypted HTTP update delivery and lack of integrity checks.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NiceHash QuickMiner v6.12.0
No auth needed
Prerequisites: Network-level access (MITM position) · Victim initiating an update
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0041
EPSS Percentile 32.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-494
Status published
Products (1)
nicehash/quickminer 6.12.0
Published Sep 30, 2025
Tracked Since Feb 18, 2026