PT-2025-37564 · Avtech · Avtech Eagleeyes+2
Shinycolumn · Published 2025-09-15 · Updated 2025-10-17 · CVE-2025-46408
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AVTECH EagleEyes version 2.0.0
Description
An issue was discovered in the GetHttpsResponse method of push.lite.avtech.com.AvtechLib and the getNewHttpClient method of push.lite.avtech.com.Push_HttpService. These methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
Recommendations
Update AVTECH EagleEyes to a newer version that addresses this issue. As a temporary workaround, consider disabling the use of the GetHttpsResponse and getNewHttpClient methods until a patch is available.
Affected Products
Avtech Eagleeyes
Avtechlib
Push Httpservice
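One way to audit decompiled or first-party Java/Android sources for the pattern named in the Description, as an added example that is not code from this advisory or from AVTECH. The rule names and the sample source are constructed for illustration, and the regex rules are a heuristic that also covers the equivalent Apache HttpClient names AllowAllHostnameVerifier and NoopHostnameVerifier and a hand-written verifier that always returns true.

```python
import re

# Constructs that turn off TLS hostname verification in Java/Android sources.
RULES = {
    # Constant named in the advisory, plus equivalent Apache HttpClient class names.
    "allow-all-verifier": re.compile(
        r"\b(?:ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier|NoopHostnameVerifier)\b"),
    # Hand-written HostnameVerifier whose verify() accepts every host.
    "verify-returns-true": re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}"),
}

# String literals are matched first so "https://..." is not mistaken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

def _drop_comments(src):
    """Remove comments but keep newlines, so reported line numbers stay valid."""
    def repl(m):
        text = m.group(0)
        return text if text.startswith('"') else "\n" * text.count("\n")
    return _TOKEN.sub(repl, src)

def scan(src):
    """Return sorted (line, rule) pairs for each hostname-verification bypass."""
    code = _drop_comments(src)
    hits = []
    for rule, pattern in RULES.items():
        for m in pattern.finditer(code):
            hits.append((code.count("\n", 0, m.start()) + 1, rule))
    return sorted(hits)

# Constructed sample source, not code from the affected app.
SAMPLE = '''\
import org.apache.http.conn.ssl.SSLSocketFactory;
class Client {
    // sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); commented out
    void weak(SSLSocketFactory sf) {
        String u = "https://example.invalid/api";
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
    void strict(SSLSocketFactory sf) {
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }
    HostnameVerifier v = new HostnameVerifier() {
        public boolean verify(String host, SSLSession s) { return true; }
    };
}
'''

if __name__ == "__main__":
    for line, rule in scan(SAMPLE):
        print(f"line {line}: {rule}")
```

A hit is a lead for manual review: confirm the flagged verifier is actually attached to a connection that carries sensitive traffic before treating it as a finding.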