CVE-2025-50944 PoC — AVTECH EagleEyes Security Vulnerability

Title: AVTECH EagleEyes Security Vulnerability (CVE-2025-50944)
Description: An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
# CVE-2025-50944
### Improper Certificate Chain Validation in EagleEyes Lite Android Application

## 1. Overview

<img src="images/eagleeyes-icon.png" align="left" width="150" hspace="10"/>
<br clear="left"/>

- **Application**: EagleEyes(Lite)  
- **Version**: 2.0.0  
- **Vendor**: AVTECH  
- **CWE**: [CWE-295: Improper Certificate Validation](https://cwe.mitre.org/data/definitions/295.html)  
- **CVSS**:   
- **Vector String**:   

## 2. Summary
EagleEyes Lite (version 2.0.0) fails to properly validate SSL/TLS server certificates during HTTPS communication.  
The application implements a custom `X509TrustManager` in `push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted()` that only checks certificate expiration and omits complete certificate chain validation.  
As a result, attackers can exploit this weakness to perform MITM attacks using self-signed or rogue certificates, leading to interception and manipulation of sensitive surveillance data.  

## 3. Details
Through a custom `X509TrustManager`, the application only verifies the expiration date of the certificate and does not validate whether the certificate chain is properly trusted.
```java
@Override // javax.net.ssl.X509TrustManager
public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    try {
        // Only the leaf certificate's validity period (notBefore/notAfter) is checked.
        // No path is built to a trusted root and no signatures are verified.
        x509CertificateArr[0].checkValidity();
    } catch (Exception unused) {
        throw new CertificateException("Certificate not valid or trusted.");
    }
}
```
Because any unexpired certificate passes this check, a MITM attacker can easily intercept or modify sensitive communications between the application and its backend server.  

## 4. Recommendations
The application should replace the custom `X509TrustManager` with the default system implementation that validates the full certificate chain. Proper hostname verification must be enforced to prevent accepting mismatched or untrusted certificates.  
Insecure fallback logic for legacy Android versions should be removed or updated with equivalent security checks to ensure consistent TLS validation.
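
A sketch of the recommended replacement, added here as an example and not taken from the EagleEyes code or the original advisory: a socket factory built on the platform trust managers, followed by an explicit hostname check, since a raw `SSLSocket` does not verify the hostname on its own. It is written for Android, where `HttpsURLConnection.getDefaultHostnameVerifier()` performs the check; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical replacement for a socket factory that carried a custom trust manager (Android).
public final class SystemTrustSocketFactory {

    // SSLSocketFactory backed by the platform trust managers; no custom X509TrustManager involved.
    public static SSLSocketFactory create() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the system default trust store
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    // Connects, completes the handshake, then checks the hostname explicitly.
    public static SSLSocket connect(String host, int port)
            throws IOException, GeneralSecurityException {
        SSLSocket socket = (SSLSocket) create().createSocket(host, port);
        try {
            socket.startHandshake(); // fails here if the chain does not lead to a trusted CA
            HostnameVerifier verifier = HttpsURLConnection.getDefaultHostnameVerifier();
            if (!verifier.verify(host, socket.getSession())) {
                throw new SSLHandshakeException("Certificate does not match host " + host);
            }
            return socket;
        } catch (IOException e) {
            socket.close(); // never hand back a socket that failed validation
            throw e;
        }
    }
}
```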

## 5. References
- https://github.com/shinyColumn/CVE-2025-46408
- https://github.com/shinyColumn/CVE-2025-50110