Xtooltech Xtool Anyscan — known CVE vulnerabilities
Every CVE whose affected-product data names Xtooltech Xtool Anyscan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-63434 — CVSS 8.8 (high): The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts…
CVE-2025-63432 — CVSS 4.6 (medium): Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly…
CVE-2025-63433 — CVSS 4.6 (medium): Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key…
CVE-2025-63435 — CVSS 4.3 (medium): Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible…