Search: Xtooltech Xtool Anyscan

4 matches found

CVE
added 2025/11/24 12:0 a.m., 9 views

CVE-2025-63434

CVE-2025-63434 affects Xtooltech Xtool AnyScan Android Application (versions up to 4.40.40). The update mechanism downloads and extracts update packages containing executable code without cryptographic integrity or authenticity checks. If an attacker can control update metadata, they can serve a ...

CVSS 8.8 | AI score 7.4 | EPSS 0.00049

CVE
added 2025/11/24 12:0 a.m., 7 views

CVE-2025-63433

Summary of CVE-2025-63433: Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier uses a hardcoded cryptographic key and IV stored statically in code to decrypt update metadata. This enables an attacker who can intercept network traffic to use the hardcoded key to decrypt, modify, and r...

CVSS 4.6 | AI score 6.4 | EPSS 0.00028

CVE
added 2025/11/24 12:0 a.m., 5 views

CVE-2025-63435

Xtooltech Xtool AnyScan Android App 4.40.40 is affected by Missing Authentication for Critical Function. The server-side endpoint that serves update packages does not require authentication, allowing an unauthenticated remote attacker to download official update packages. Public documents do not ...

CVSS 4.3 | AI score 6.7 | EPSS 0.00063

CVE
added 2025/11/24 12:0 a.m., 4 views

CVE-2025-63432

CVE-2025-63432 affects Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier. Root cause is Missing SSL Certificate Validation for the update server, enabling a local network attacker to perform a MITM, intercept/decrypt/modify traffic, and potentially enable remote code execution. The ...

CVSS 4.6 | AI score 6.8 | EPSS 0.00037