CVE-2025-50944
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-10-14

Assigner: MITRE

Description
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-50944
EUVD
EUVD-2025-29191
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
avtech eagleeyes\(lite\) 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the AVTECH EagleEyes 2.0.0 application where a custom X509TrustManager implementation in the method checkServerTrusted only checks the SSL/TLS certificate's expiration date but does not perform full certificate chain validation. This means it does not verify if the certificate is issued by a trusted Certificate Authority or if the chain is valid, allowing attackers to use self-signed or rogue certificates to bypass security checks. [1]

Impact Analysis

Because the application does not properly validate SSL/TLS certificates, an attacker can perform man-in-the-middle (MITM) attacks by presenting fake certificates. This can lead to interception and potential manipulation of sensitive surveillance data transmitted between the EagleEyes Lite app and its backend server over HTTPS, compromising confidentiality and integrity. [1]

Detection Guidance

This vulnerability can be detected by analyzing the SSL/TLS certificate validation behavior of the EagleEyes Lite Android application version 2.0.0. Specifically, you can test for acceptance of self-signed or rogue certificates during HTTPS connections to the backend server, indicating improper certificate chain validation. Network monitoring tools like Wireshark can be used to inspect TLS handshakes for suspicious certificates. Additionally, testing with tools such as OpenSSL s_client or custom scripts to present invalid or self-signed certificates to the application and observing if the connection is accepted can help detect the vulnerability. Commands like 'openssl s_client -connect <server>:443 -showcerts' can be used to inspect server certificates, but detection requires testing the client behavior against invalid certificates, which may require a controlled MITM proxy setup (e.g., using mitmproxy) to present rogue certificates and observe if the application accepts them. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the custom X509TrustManager implementation in the EagleEyes Lite application with the default system implementation that performs full certificate chain validation. Enforce proper hostname verification to ensure certificates match the expected hostnames. Remove or update any insecure fallback logic for legacy Android versions to maintain consistent and secure TLS validation. These steps will prevent acceptance of self-signed or rogue certificates and protect against man-in-the-middle attacks. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-50944. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart