TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-63435

MEDIUM
4.3

Beschreibung

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..

CVE Details

CVSS v3.1 Bewertung4.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht11/24/2025
Zuletzt geandert11/28/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

xtooltech:xtool_anyscan

Schwachen (CWE)

CWE-306

Referenzen

https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63435(cve@mitre.org)
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.