CVE-2025-50110
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-15
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| avtech | eagleeyes_lite | 2.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in AVTECH EagleEyes Lite 2.0.0 involves the GetHttpsResponse method transmitting sensitive information such as internal server URLs, account IDs, passwords, and device tokens as plaintext query parameters within HTTPS requests. Although HTTPS is used, placing sensitive data in the URL query string exposes it to interception through man-in-the-middle attacks or logging by intermediate systems, compromising confidentiality and increasing the risk of unauthorized access. [1]
How can this vulnerability impact me?
The vulnerability can lead to exposure of sensitive information including account credentials and device tokens, which attackers could intercept or access through logs or network monitoring. This exposure increases the risk of unauthorized access to AVTECH CCTV systems, potentially allowing attackers to compromise device security and user privacy. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTPS requests made by the EagleEyes Lite Android application version 2.0.0, specifically looking for URL query parameters that carry sensitive information such as account_id, password, device tokens, or internal server URLs in plaintext. A practical approach is to use a hooking tool like Frida with a script (e.g., hook.js) to intercept calls to the GetHttpsResponse() method and inspect the URL parameters. Additionally, network traffic analysis tools can be used to capture HTTPS requests and check for sensitive data in URL query strings, although HTTPS encryption may require device-level interception or debugging proxies on Android devices below version 8.0. [1]
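The log-side version of this check, as an added example (not from the original page or from AVTECH's code): it scans access-log lines from a proxy or web server you operate for sensitive query parameters and masks their values before the finding is shared. The combined-style log format, the token parameter names, the `server` parameter and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# "account_id" and "password" are named on the page; the token-style names
# are assumptions for illustration.
SENSITIVE_KEYS = {"account_id", "password", "token", "device_token"}
# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def find_sensitive_params(log_line):
    """Return (method, path, [flagged parameter names]) or None if clean."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    flagged = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Flag known credential names, and any value that is itself a URL
        # (it may disclose an internal server address).
        if key.lower() in SENSITIVE_KEYS or value.lower().startswith(("http://", "https://")):
            flagged.append(key)
    return (m.group("method"), parts.path, flagged) if flagged else None

def redact(log_line):
    """Mask the values of flagged parameters in the raw log line."""
    hit = find_sensitive_params(log_line)
    for key in (hit[2] if hit else []):
        log_line = re.sub(r'(?<=[?&])(%s)=[^&\s"]*' % re.escape(key), r'\1=[REDACTED]', log_line)
    return log_line

# Constructed sample log lines (not captured from a real device or server).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Sep/2025:10:00:01 +0000] "GET /api/login?account_id=alice&password=hunter2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Sep/2025:10:00:02 +0000] "GET /api/register?device_token=abc123&server=https%3A%2F%2Fint.example.test%2Fpush HTTP/1.1" 200 64',
    '198.51.100.7 - - [15/Sep/2025:10:00:03 +0000] "POST /api/login HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Sep/2025:10:00:04 +0000] "GET /static/logo.png?v=3 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = find_sensitive_params(line)
        if hit:
            print("FLAG", hit, "->", redact(line))
```

The POST line is not flagged because its credentials, if any, travel in the request body and never reach the access log, which is the behaviour the mitigation aims for.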
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to avoid transmitting sensitive information such as account IDs, passwords, device tokens, and internal server URLs in the URL query parameters. Instead, these credentials should be sent securely within the HTTPS request body using POST parameters. This prevents exposure of sensitive data in URLs, logs, or intermediary systems. Additionally, updating the application or patching it to ensure that the secure method GetHttpsUrlResponse() is used instead of the vulnerable GetHttpsResponse() method is recommended. [1]