CVE-2025-63216
CRITICAL
Itel DAB Gateway Firmware - Authentication Bypass via JWT Token Reuse
Title source: llm
Description
The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
References (2)
Core References
Exploit, Third Party Advisory, Mitigation
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63216_Itel%20DAB%20Gateway%20Authentication%20Bypass
Product
https://www.itel.it/
Scores
CVSS v3
10.0
EPSS
0.0068
EPSS Percentile
47.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
CWE-384
Status
published
Products (1)
itel/idgateway_firmware
Published
Nov 18, 2025
Tracked Since
Feb 18, 2026