VYPR
Vendor

Xtooltech

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-63434Nov 24, 2025
    risk 0.00cvss epss 0.00

    The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker…

  • CVE-2025-63433Nov 24, 2025
    risk 0.00cvss epss 0.00

    Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded…

  • CVE-2025-63432Nov 24, 2025
    risk 0.00cvss epss 0.00

    Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a…

  • CVE-2025-63435Nov 24, 2025
    risk 0.00cvss epss 0.00

    Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely…