Home

Description

WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic.

PUBLISHED Reserved 2025-09-05 | Published 2025-09-12 | Updated 2025-09-12 | Assigner jpcert




MEDIUM: 4.8CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

Improper certificate validation

Product status

prior to 4.4.1
affected

prior to 4.4.0.10
affected

References

apps.apple.com/jp/app/wtw-eagle/id1365998037?uo=4

play.google.com/store/apps/details?id=com.generalcomp.wtw

jvn.jp/en/jp/JVN89109713/

cve.org (CVE-2025-58781)

nvd.nist.gov (CVE-2025-58781)

Download JSON