CVE-2025-63432
- EPSS 0.03%
- Veröffentlicht 24.11.2025 00:00:00
- Zuletzt bearbeitet 28.11.2025 17:04:24
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability...
CVE-2025-63433
- EPSS 0.03%
- Veröffentlicht 24.11.2025 00:00:00
- Zuletzt bearbeitet 28.11.2025 17:06:07
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network t...
CVE-2025-63434
- EPSS 0.03%
- Veröffentlicht 24.11.2025 00:00:00
- Zuletzt bearbeitet 28.11.2025 17:06:23
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on...
CVE-2025-63435
- EPSS 0.07%
- Veröffentlicht 24.11.2025 00:00:00
- Zuletzt bearbeitet 28.11.2025 17:06:39
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthentica...