CVE-2025-63432

low-risk

Published 2025-11-24

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack to intercept, decrypt, and modify traffic between the application and the update server. This serves as the basis for further attacks, including Remote Code Execution.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Xtool Anyscan

Affected Vendors

Xtooltech

References (2)

Third Party Advisory https://github.com/ab3lson/cve-references/tree/master/CVE-2025-63432

Exploit https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xt...

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal