# CVE-2025-50944
### Improper Certificate Chain Validation in EagleEyes Lite Android Application
## 1. Overview
<img src="images/eagleeyes-icon.png" align="left" width="150" hspace="10"/>
<br clear="left"/>
- **Application**: EagleEyes(Lite)
- **Version**: 2.0.0
- **Vendor**: AVTECH
- **CWE**: [CWE-295: Improper Certificate Validation](https://cwe.mitre.org/data/definitions/295.html)
- **CVSS**:
- **Vector String**:
## 2. Summary
EagleEyes Lite (version 2.0.0) fails to properly validate SSL/TLS server certificates during HTTPS communication.
The application implements a custom `X509TrustManager` in `push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted()` that only checks the validity period (`checkValidity()`) of the leaf certificate and omits complete certificate chain validation.
As a result, attackers can exploit this weakness to perform MITM attacks using self-signed or rogue certificates, leading to interception and manipulation of sensitive surveillance data.
## 3. Details
Through a custom `X509TrustManager`, the application only verifies the validity period of the first certificate in the chain and does not validate whether the certificate chain is properly trusted.
```java
@Override // javax.net.ssl.X509TrustManager
public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    try {
        // Only the leaf certificate's notBefore/notAfter window is checked.
        // No signature, trust-anchor or hostname check is performed, so any
        // currently valid self-signed certificate is accepted.
        x509CertificateArr[0].checkValidity();
    } catch (Exception unused) {
        throw new CertificateException("Certificate not valid or trusted.");
    }
}
```
This enables a MITM attacker to easily intercept or modify sensitive communications between the application and its backend server.
## 4. Recommendations
The application should replace the custom `X509TrustManager` with the default system implementation that validates the full certificate chain. Proper hostname verification must be enforced to prevent accepting mismatched or untrusted certificates.
Insecure fallback logic for legacy Android versions should be removed or updated with equivalent security checks to ensure consistent TLS validation.
## 5. References
- https://github.com/shinyColumn/CVE-2025-46408
- https://github.com/shinyColumn/CVE-2025-50110