nicehash CVE Vulnerabilities & Metrics

Focus on nicehash vulnerabilities and metrics.

Last updated: 26 Nov 2025, 23:25 UTC

About nicehash Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with nicehash. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total nicehash CVEs: 4
Earliest CVE date: 06 Nov 2019, 18:15 UTC
Latest CVE date: 30 Sep 2025, 18:15 UTC

Latest CVE reference: CVE-2025-56513

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical nicehash CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.4

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS nicehash CVEs

These are the five CVEs with the highest CVSS scores for nicehash, sorted by severity first and recency.

CVE-2019-6120 nicehash Published on 06 Nov 2019, 18:15 UTC (CVSS: 5.0)
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses.
CVE-2019-6122 nicehash Published on 06 Nov 2019, 18:15 UTC (CVSS: 4.3)
A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address.
CVE-2019-6121 nicehash Published on 06 Nov 2019, 18:15 UTC (CVSS: 4.3)
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this...
CVE-2025-56513 nicehash Published on 30 Sep 2025, 18:15 UTC (CVSS: 0)
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector.

All CVEs for nicehash

CVE-2025-56513 nicehash vulnerability CVSS: 0 30 Sep 2025, 18:15 UTC

NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote code execution. This constitutes a critical supply chain attack vector.

CVE-2019-6122 nicehash vulnerability CVSS: 4.3 06 Nov 2019, 18:15 UTC

A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address.

CVE-2019-6121 nicehash vulnerability CVSS: 4.3 06 Nov 2019, 18:15 UTC

An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information.

CVE-2019-6120 nicehash vulnerability CVSS: 5.0 06 Nov 2019, 18:15 UTC

An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses.