PT-2025-47946 · Xtooltech · Xtool Anyscan
Published 2025-11-24 · Updated 2025-12-01 · CVE-2025-63432
CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Xtooltech Xtool AnyScan Android Application versions 4.40.40 and prior
Description
The Xtooltech Xtool AnyScan Android Application does not properly validate TLS certificates from its update server. This allows an attacker on the same network to perform a Man-in-the-Middle (MITM) attack, intercepting, decrypting, and modifying traffic between the application and the update server. This can lead to further attacks, including Remote Code Execution.
Recommendations
Update the Xtooltech Xtool AnyScan Android Application to a version newer than 4.40.40.
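As an added illustration (not code from Xtool or the AnyScan app), the Android/Java pattern that produces the defect class described above, beside a hardened form that keeps the platform's chain and host-name validation and additionally pins the update server's public key. The class name, the update URL parameter and the pin value are assumptions for the example.

```java
import java.security.*;
import java.security.cert.*;
import java.util.Arrays;
import javax.net.ssl.*;

public final class UpdateTls {
    // Defect class from the advisory: a trust manager that accepts every chain and a
    // host-name verifier that accepts every name, so any certificate on the path is accepted.
    static HttpsURLConnection openWithoutValidation(java.net.URL updateUrl) throws Exception {
        TrustManager[] trustAll = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String auth) { }
            public void checkServerTrusted(X509Certificate[] chain, String auth) { } // never throws
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustAll, null);
        HttpsURLConnection conn = (HttpsURLConnection) updateUrl.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setHostnameVerifier((host, session) -> true); // accepts any host name
        return conn;
    }

    // Hardened form: validate the chain against the platform trust store (default host-name
    // verifier left in place), then pin the SHA-256 of the leaf's SubjectPublicKeyInfo.
    // The check runs inside the handshake, before any request bytes are sent.
    static SSLSocketFactory pinnedFactory(byte[] expectedSpkiSha256) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = platform default trust store
        X509TrustManager base = (X509TrustManager) Arrays.stream(tmf.getTrustManagers())
                .filter(t -> t instanceof X509TrustManager).findFirst().orElseThrow(IllegalStateException::new);
        X509TrustManager pinned = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                base.checkClientTrusted(chain, auth);
            }
            public void checkServerTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                base.checkServerTrusted(chain, auth); // full chain validation first
                byte[] spkiHash;
                try { spkiHash = MessageDigest.getInstance("SHA-256").digest(chain[0].getPublicKey().getEncoded()); }
                catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
                if (!MessageDigest.isEqual(spkiHash, expectedSpkiSha256))
                    throw new CertificateException("update server key does not match pin");
            }
            public X509Certificate[] getAcceptedIssuers() { return base.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { pinned }, null);
        return ctx.getSocketFactory();
    }
}
```

Android's Network Security Config (`<pin-set>`) expresses the same pin declaratively without custom trust-manager code; either way, the downloaded update should also carry its own signature that the app verifies before installing, so a transport failure alone cannot reach code execution.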
Tags: Exploit · Fix · RCE
Affected Products
Xtool Anyscan