Vulnerability Details CVE-2025-63435
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.0%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-63435
-
cpe:2.3:a:xtooltech:xtool_anyscan:*