CVE-2025-63217: n/a
The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
AI Analysis
Technical Summary
CVE-2025-63217 identifies a critical authentication bypass vulnerability in the Itel DAB MUX devices (IDMUX build c041640a). The root cause is improper validation of JSON Web Tokens (JWTs) across devices running the same firmware version. Specifically, a JWT token obtained legitimately from one device can be reused by an attacker to authenticate to any other device with the same firmware, bypassing password and network restrictions. This flaw arises because the JWT validation process does not bind tokens to individual devices or contexts, allowing token replay attacks across devices. As a result, an attacker can gain administrative privileges on any affected device without needing to know the password or perform additional authentication steps. The vulnerability is network exploitable without authentication or user interaction, making it highly dangerous. The CVSS v3.1 score of 9.8 reflects the critical impact on confidentiality, integrity, and availability, as attackers can fully control the devices, potentially disrupting broadcasting services or network operations. No patches or exploits are currently documented, but the vulnerability is publicly disclosed and should be addressed promptly. The CWE-288 classification (Authentication Bypass) highlights the failure in enforcing proper authentication mechanisms. Given the role of DAB MUX devices in digital audio broadcasting multiplexing, compromise could lead to unauthorized content manipulation, service outages, or further network penetration.
Potential Impact
For European organizations, especially broadcasters and network operators relying on Itel DAB MUX devices, this vulnerability poses a severe risk. Attackers gaining administrative access can manipulate broadcast content, disrupt services, or use compromised devices as pivot points for broader network intrusions. Confidentiality is at risk as attackers could intercept or alter broadcast data streams. Integrity is compromised through unauthorized configuration changes or content injection. Availability is threatened by potential device shutdowns or denial-of-service conditions induced by attackers. The cross-device token reuse means that a single compromised device can jeopardize an entire fleet, amplifying the impact. This could lead to regulatory violations, reputational damage, and financial losses. The lack of current exploits in the wild provides a window for mitigation, but the critical severity demands immediate attention. Organizations involved in public broadcasting, emergency communication, or critical infrastructure in Europe must prioritize remediation to maintain service continuity and security.
Mitigation Recommendations
1. Immediately audit all Itel DAB MUX devices to identify firmware versions and isolate affected units.
2. Engage with Itel or device vendors to obtain and deploy firmware updates that enforce strict JWT validation, including device-specific token binding to prevent token reuse across devices.
3. If patches are unavailable, implement network segmentation and access controls to limit administrative interface exposure only to trusted management networks.
4. Monitor device logs for suspicious authentication attempts or token reuse patterns.
5. Rotate all administrative credentials and invalidate existing JWT tokens where possible.
6. Employ multi-factor authentication (MFA) on management interfaces if supported to add an additional layer of security.
7. Conduct penetration testing and vulnerability assessments focused on authentication mechanisms in the affected environment.
8. Develop incident response plans specific to potential device compromise scenarios.
9. Coordinate with national cybersecurity agencies for threat intelligence sharing and guidance.
10. Educate operational staff on the risks and signs of exploitation related to this vulnerability.
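The device-specific token binding named in recommendation 2, as an added example (not Itel firmware code and not part of the advisory). It assumes HS256 tokens and, for the unbound case, a signing secret shared by every unit, which the advisory does not confirm; the device ids, keys and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(key: bytes, claims: dict) -> str:
    """Issue an HS256 JWT (constructed helper, standard library only)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def _claims(key: bytes, token: str):
    """Return the claims if signature, algorithm and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head))["alg"] != "HS256":  # pin the algorithm
            return None
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > time.time() else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def verify_unbound(key: bytes, token: str) -> bool:
    """Signature-only check: nothing ties the token to the device verifying it."""
    return _claims(key, token) is not None

def verify_bound(device_key: bytes, device_id: str, token: str) -> bool:
    """Per-device key, plus an 'aud' claim that must name this device."""
    claims = _claims(device_key, token)
    return claims is not None and claims.get("aud") == device_id

# Constructed sample values, not taken from any real device.
SHARED = b"constructed-firmware-wide-secret"  # assumption: identical on all units
KEY_A, KEY_B = secrets.token_bytes(32), secrets.token_bytes(32)  # one per device

def demo() -> dict:
    exp = int(time.time()) + 300
    legacy = issue(SHARED, {"sub": "admin", "exp": exp})  # issued by device A
    bound_a = issue(KEY_A, {"sub": "admin", "aud": "mux-A", "exp": exp})
    return {"unbound_token_on_B": verify_unbound(SHARED, legacy),
            "bound_token_on_A": verify_bound(KEY_A, "mux-A", bound_a),
            "bound_token_on_B": verify_bound(KEY_B, "mux-B", bound_a)}
```

The audience check alone rejects a foreign token even if two units ended up with the same key, and the per-device key rejects it even if the audience claim were missing from the check.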
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 691ceaeebe2811888e436474
Added to database: 11/18/2025, 9:53:50 PM
Last enriched: 11/25/2025, 10:18:58 PM
Last updated: 1/7/2026, 4:48:30 AM