CNNVD-202511-2626 Information

CNNVD ID

CNNVD-202511-2626

CVE-2025-63433

  • CNNVD Published: 2025-11-24

Description (Chinese)

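Xtool AnyScan App is a vehicle diagnostic mobile application from the Chinese company Xtool. Xtool AnyScan App 4.40.40 and earlier versions contain a security vulnerability that stems from the use of a hard-coded key to decrypt update metadata.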

Description (English)

Xtool AnyScan App is a vehicle diagnostic mobile application from Xtool, a Chinese company. Versions 4.40.40 and earlier of Xtool AnyScan App have a security vulnerability caused by the use of a hard-coded key to decrypt update metadata.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Xtool

Published

2025-11-24

Last Modified

2026-02-24

References

https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/

https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63433

https://access.redhat.com/security/cve/cve-2025-63433
