PatchSiren cyber security CVE debrief

CVE-2025-56513 Nicehash CVE debrief

CVE-2025-56513 describes a critical update-integrity weakness in NiceHash QuickMiner 6.12.0. The CVE record says the product can perform software updates over HTTP without validating digital signatures or hash checks, which could allow a network-positioned attacker to hijack the update process and deliver an automatically executed malicious executable. The record rates the issue 9.8 (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps it to CWE-494. The supplied record also includes a supplier statement disputing the existence of the specific http://update.nicehash.com URL, so the URL detail should be treated as disputed while the broader update-integrity allegation remains the core risk described in the corpus.

Vendor: Nicehash
Product: CVE-2025-56513
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-09-30
Original CVE updated: 2026-05-11
Advisory published: 2025-09-30
Advisory updated: 2026-05-11

Who should care

NiceHash QuickMiner users, miners, endpoint security teams, and administrators responsible for software update controls or fleet inventory should pay attention, especially where miner software may run on managed desktops or servers.

Technical summary

According to the supplied NVD/CVE record, NiceHash QuickMiner 6.12.0 has an insecure auto-update path that does not verify digital signatures or hashes before executing updated binaries. That is a classic update-delivery integrity failure (CWE-494): if an attacker can intercept or redirect update traffic, they may substitute arbitrary code that the client then runs automatically, creating a remote code execution path with no privileges or user interaction required. The record’s CVSS vector reflects full confidentiality, integrity, and availability impact. The corpus does not include an official vendor advisory or fixed-version announcement, and the supplier comment in the record disputes the specific HTTP URL cited in the narrative.

Defensive priority

High / urgent. This is a critical network-reachable supply-chain style execution path in an auto-update mechanism, so it warrants immediate inventory, exposure review, and vendor-verification steps.

Recommended defensive actions

Inventory all systems running NiceHash QuickMiner 6.12.0 and determine whether they are still in use.
Verify update behavior only against official, authenticated vendor guidance; do not rely on the disputed URL detail in the record.
Inspect affected endpoints for unexpected QuickMiner updater activity, unknown executables, or recent executions tied to the product’s update flow.
Restrict or monitor outbound network access from miner hosts to reduce opportunities for update interception or redirection.
If you cannot confirm a trusted, validated update chain, isolate or remove the software until a vendor-verified remediation is available.

Evidence notes

This debrief is based on the supplied NVD-modified CVE record published on 2025-09-30 and modified on 2026-05-11, plus the references embedded in that record. The corpus includes two Medium-hosted third-party references labeled as exploit/third-party advisory and a supplier statement disputing the specific http://update.nicehash.com URL. No official vendor advisory URL is included in the supplied corpus.

Official resources

CVE-2025-56513 CVE record
CVE.org
CVE-2025-56513 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected] - Exploit
Mitigation or vendor reference
[email protected] - Third Party Advisory

Publicly disclosed in the CVE record on 2025-09-30 and later modified on 2026-05-11. The supplied corpus includes a supplier dispute over one cited HTTP URL, so that specific detail remains contested in the record.