CNNVD-202509-1767 Information

CNNVD ID

CNNVD-202509-1767

Related CVE

CVE-2025-58781

• CNNVD Published: 2025-09-12

Description (Chinese)

WTW-EAGLE App是WTW公司的一款具有提供风险管理、保险数据访问和分析功能的移动应用。 WTW-EAGLE App 存在信任管理问题漏洞，该漏洞源于未正确验证服务器证书，可能导致中间人攻击监控加密流量。

Description (English)

WTW-EAGLE App is a mobile application of WTW that provides risk management, insurance data access and analysis. WTW-EAGLE App has a trust management gap, which stems from the incorrect validation of server certificates and may lead to an attack by an intermediary on the controlled encryption traffic.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

WTW

Published

2025-09-12

Last Modified

2026-02-24

References

https://apps.apple.com/jp/app/wtw-eagle/id1365998037?uo=4 https://jvn.jp/en/jp/JVN89109713/ https://play.google.com/store/apps/details?id=com.generalcomp.wtw https://access.redhat.com/security/cve/cve-2025-58781