MEDIUM🇬🇧 English

CVE-2025-63435

CVSS 4.3v3.1pub. 2025-11-24upd. 2025-11-28

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Xtooltech Xtool Anyscan

    APP
    Xtooltech
    ≤ 4.40.40
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-63434HIGH8.8ten sam produkt

The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The applica...

CVE-2025-63432MEDIUM4.6ten sam produkt

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The appli...

CVE-2025-63433MEDIUM4.6ten sam produkt

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to dec...