
CVE-2025-50944 PoC — AVTECH EagleEyes security vulnerability

Source
Associated Vulnerability
Title: AVTECH EagleEyes security vulnerability (CVE-2025-50944)
Description: AVTECH EagleEyes is a remote real-time surveillance mobile application from AVTECH (陞泰科技), a company based in Taiwan, China. AVTECH EagleEyes version 2.0.0 contains a security vulnerability: its custom X509TrustManager only checks the certificate expiration date and skips TLS chain validation.
Description
Improper Certificate Chain Validation in EagleEyes Lite Android Application
Readme
# CVE-2025-50944
### Improper Certificate Chain Validation in EagleEyes Lite Android Application

## 1. Overview

<img src="images/eagleeyes-icon.png" align="left" width="150" hspace="10"/>
<br clear="left"/>

- **Application**: EagleEyes(Lite)  
- **Version**: 2.0.0  
- **Vendor**: AVTECH  
- **CWE**: [CWE-295: Improper Certificate Validation](https://cwe.mitre.org/data/definitions/295.html)  
- **CVSS**:   
- **Vector String**:   
## 2. Summary
EagleEyes Lite (version 2.0.0) fails to properly validate SSL/TLS server certificates during HTTPS communication.  
The application implements a custom `X509TrustManager` in `push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted()` that only checks certificate expiration and omits complete certificate chain validation.  
As a result, attackers can exploit this weakness to perform MITM attacks using self-signed or rogue certificates, leading to interception and manipulation of sensitive surveillance data.  

## 3. Details
Through its custom `X509TrustManager`, the application only verifies the expiration date of the certificate and does not validate whether the certificate chain is properly trusted.  
```java
@Override // javax.net.ssl.X509TrustManager
public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    try {
        // Only the leaf certificate's validity period is checked; the chain is never
        // verified against a trusted root and the hostname is never compared.
        x509CertificateArr[0].checkValidity();
    } catch (Exception unused) {
        throw new CertificateException("Certificate not valid or trusted.");
    }
}
```
This enables a MITM attacker to easily intercept or modify sensitive communications between the application and its backend server.  

## 4. Recommendations
The application should replace the custom `X509TrustManager` with the default system implementation that validates the full certificate chain. Proper hostname verification must be enforced to prevent accepting mismatched or untrusted certificates.  
Insecure fallback logic for legacy Android versions should be removed or updated with equivalent security checks to ensure consistent TLS validation.
## 5. References
- https://github.com/shinyColumn/CVE-2025-46408
- https://github.com/shinyColumn/CVE-2025-50110
File Snapshot

[4.0K] /data/pocs/4f474a5783ec0656e024e580067dacd470f425d8
├── [4.0K] images
│   └── [ 31K] eagleeyes-icon.png
└── [2.3K] README.md

1 directory, 2 files
Shenlong Bot has cached this for you