CVE-2025-46408

Published: Sep 15, 2025Modified: Oct 17, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.

Affected (1)

Products: Avtech: Eagleeyes(lite)

Avtech

1 product

Eagleeyes(lite)

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avtech Eagleeyes(lite)	Version 2.0.0

Related CWEs

CWE-297

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (2)

https://github.com/shinyColumn/CVE-2025-46408

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shinyColumn/CVE-2025-46408

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.