PT-2025-47948 · Xtooltech · Xtool Anyscan

Published: 2025-11-24 · Updated: 2025-11-24 · CVE-2025-63434

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xtooltech Xtool AnyScan Android Application versions prior to 4.40.40

Description

The application's update process is flawed: it downloads and extracts update packages containing executable code without verifying their integrity or authenticity. An attacker who controls the update metadata could deliver a malicious package that the application accepts, extracts, and executes, potentially resulting in arbitrary code execution.

Recommendations

Update to version 4.40.40 or later.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-63434

Affected Products

Xtool Anyscan