CNNVD-202511-2627 Information

CNNVD ID

CNNVD-202511-2627

CVE-2025-63432

  • CNNVD Published: 2025-11-24

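Description (translated from Chinese)

Xtool AnyScan App is an automotive diagnostic mobile application from the Chinese company Xtool. Xtooltech Xtool AnyScan Android Application versions 4.40.40 and earlier contain a security vulnerability that stems from missing SSL certificate validation and may lead to man-in-the-middle attacks.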

Description (English)

Xtool AnyScan App is a vehicle diagnostic mobile application from Xtool, a Chinese company. Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier versions contain a security vulnerability stemming from missing SSL certificate validation, which could lead to a man-in-the-middle attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Xtool

Published

2025-11-24

Last Modified

2026-02-24

References

  • https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63432
  • https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
  • https://access.redhat.com/security/cve/cve-2025-63432
