CVE-2025-56513

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nicehash:quickminer:6.12.0:*:*:*:*:*:*:*

History

15 Oct 2025, 18:39

Type Values Removed Values Added
CPE cpe:2.3:a:nicehash:quickminer:6.12.0:*:*:*:*:*:*:*
References () https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b - () https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b - Exploit
References () https://medium.com/@princep49036142/hijacking-the-miner-zero-click-rce-in-nicehash-quickminer-cve-2025-56513-4a7190295e6c - () https://medium.com/@princep49036142/hijacking-the-miner-zero-click-rce-in-nicehash-quickminer-cve-2025-56513-4a7190295e6c - Third Party Advisory
First Time Nicehash
Nicehash quickminer

03 Oct 2025, 19:15

Type Values Removed Values Added
CWE CWE-494
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b - () https://medium.com/@princep49036142/hijacking-the-miner-how-nicehashminers-auto-update-pipeline-enables-zero-click-rce-ed6a36b6769b -

30 Sep 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-30 18:15

Updated : 2025-10-15 18:39


NVD link : CVE-2025-56513

Mitre link : CVE-2025-56513

CVE.ORG link : CVE-2025-56513


JSON object : View

Products Affected

nicehash

  • quickminer
CWE
CWE-494

Download of Code Without Integrity Check