CNNVD-202511-2622 Information

CNNVD ID

CNNVD-202511-2622

Related CVE

CVE-2025-63435

• CNNVD Published: 2025-11-24

Description (Chinese)

Xtool AnyScan App是中国Xtool公司的一款汽车诊断移动应用。 Xtool AnyScan App 4.40.40版本存在安全漏洞，该漏洞源于更新包下载端点缺少身份验证。

Description (English)

Xtool AnyScan App is a vehicle diagnostic mobile application for Xtool China. Xtool AnyScan App 4.40.40 has a security loophole, which stems from the lack of authentication at the download end of the update package.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Xtool

Published

2025-11-24

Last Modified

2026-02-24

References

https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63435 https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/ https://access.redhat.com/security/cve/cve-2025-63435