CVE-2025-50944

HIGH

AVTECH EagleEyes 2.0.0 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50944. PoCs published by shinyColumn.

AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2025-50944, an improper certificate validation vulnerability in the EagleEyes Lite Android application (version 2.0.0). It includes root cause analysis, affected code snippets, and mitigation recommendations.

Description

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.

Exploits (1)

nomisec WRITEUP
by shinyColumn · poc
https://github.com/shinyColumn/CVE-2025-50944

Classification: Writeup 95%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: EagleEyes Lite Android Application 2.0.0
No auth needed
Prerequisites: Network access to intercept traffic · Self-signed or rogue certificate
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/shinyColumn/CVE-2025-50944
Exploit, Third Party Advisory
https://shinycolumn.notion.site/eagleeyes-lite

Scores

CVSS v3 8.8
EPSS 0.0025
EPSS Percentile 15.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-295
Status published
Products (1)
avtech/eagleeyes\(lite\) 2.0.0
Published Sep 15, 2025
Tracked Since Feb 18, 2026