## https://sploitus.com/exploit?id=E2D34D16-4A7C-5C81-83DB-BA6F9CEEB6B5
#CVE-2025-56513
Critical Supply-Chain Vulnerability in NiceHash QuickMiner Update Mechanism
Author: Prince T Philip
Role: Independent Security Researcher
Severity: CRITICAL โ CVSS 9.8
Impact: Remote Code Execution / Supply-Chain Compromise
Status: Publicly Disclosed & Assigned CVE-2025-56513
Executive Summary
CVE-2025-56513 is a critical vulnerability discovered in NiceHash QuickMiner v6.12.0 that allows a remote attacker to compromise the software update process and execute arbitrary code on victim machines.
The root cause is the application's use of unencrypted HTTP for update delivery combined with the absence of digital signature verification or integrity checks.
This design flaw enables a network-level attacker to perform a Man-in-the-Middle (MITM) attack and replace legitimate updates with malicious payloads.
This vulnerability represents a severe software supply-chain risk and affects users globally.
Affected Product
Product: NiceHash QuickMiner
Version: v6.12.0
Component: Auto-Update Mechanism
Platform: Windows
Attack Vector: Network (MITM)
Technical Breakdown
Root Cause
The update workflow performs the following insecure operations:
1. Retrieves update metadata over unencrypted HTTP
2. Downloads update binaries over unencrypted HTTP
3. Applies the update without validating:
Digital signature
Cryptographic hash
Publisher authenticity
This violates fundamental secure update principles.
Vulnerability Class
CWE-319: Cleartext Transmission of Sensitive Information
CWE-494: Download of Code Without Integrity Check
CWE-353: Missing Support for Integrity Check
Attack Scenario
An attacker positioned on the same network as the victim (public Wi-Fi, compromised router, ISP-level attacker, etc.) can:
1. Intercept the HTTP update request
2. Replace the legitimate update with a malicious binary
3. Serve the modified payload to the victim
4. Achieve full remote code execution
Because QuickMiner typically runs with elevated privileges, the attacker gains system-level control.
This turns the update mechanism into a weaponized malware delivery channel.
Global Impact
NiceHash QuickMiner is used by a large international user base for cryptocurrency mining operations.
The vulnerability therefore exposes:
Individual users
Mining farms
Enterprise-scale deployments
Cloud-hosted mining infrastructure
This constitutes a global supply-chain exposure.
CVSS Score
CVSS v3.1 Base Score: 9.8 (CRITICAL)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Recommended Remediation
To properly secure the update system, vendors must:
1. Enforce HTTPS/TLS for all update communications
2. Implement strong cryptographic signature verification
3. Validate integrity using SHA-256 or stronger hashing
4. Reject updates that fail verification
5. Employ certificate pinning for update servers
Researcher Statement
> This vulnerability highlights a persistent industry failure:
update mechanisms remain one of the weakest links in modern software security.
CVE-2025-56513 demonstrates how a single design oversight can expose an entire global user base to silent compromise.
References
CVE Record: CVE-2025-56513
NiceHash QuickMiner v6.12.0
Author
Prince T Philip
Independent Security Researcher
Specializing in Offensive Security & Supply-Chain Vulnerabilities
Closing
This research is published in the interest of improving global software security and protecting users from systemic supply-chain compromise.
Responsible disclosure procedures were followed.