15 matches found
CVE-2025-63434
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
CVE-2025-63435
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...
EUVD-2025-198967
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
CVE-2025-63434
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
CVE-2025-63434
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
Xtool AnyScan App 安全漏洞
Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtool AnyScan App version 4.40.40, which stems from a lack of authentication at the download endpoint of the update package...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
CVE-2025-63434
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
CVE-2025-63432
CVE-2025-63432 affects Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier. Root cause is Missing SSL Certificate Validation for the update server, enabling a local network attacker to perform a MITM, intercept/decrypt/modify traffic, and potentially enable remote code execution. The ...
CVE-2025-63432
Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...
PT-2025-47948
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
Xtool AnyScan App 安全漏洞
Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtool AnyScan App version 4.40.40 and earlier, which stems from the use of a hard-coded key to decrypt update metadata...
CVE-2025-63435
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official...