CVE-2025-46408
CRITICALDescription
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
Is your site exposed to CVE-2025-46408?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| avtech | eagleeyes\(lite\) |
References
Frequently Asked Questions
What is CVE-2025-46408? +
How severe is CVE-2025-46408? +
What products are affected by CVE-2025-46408? +
How do I check if I'm vulnerable to CVE-2025-46408? +
Related Vulnerabilities
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. …
Allow attackers to intercept or falsify data exchanges between the client and the server
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the …
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, …
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName …
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.