Unrated severityNVD Advisory· Published Nov 24, 2025· Updated Nov 24, 2025
CVE-2025-63435
CVE-2025-63435
Description
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Xtooltech/Xtool AnyScan Android Applicationdescription
- Range: = 4.40.40
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.