Vulnerabilities

CVE-2025-63435

by Fred · 24/11/2025

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..

More information : https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63435

Similar

Tags: Cybersecurity Alert