Man-in-the-Middle Vulnerability in WTW-EAGLE App by GeneralComp
CVE-2025-58781

6.3MEDIUM

Key Information:

Vendor: Wireless Tsukamoto Co., Ltd.
Status: Wtw-eagle App For iOS; Wtw-eagle App For Android
Vendor: CVE Published:; 12 September 2025

🔔 Create Wireless Tsukamoto Co., Ltd. Vulnerability Alert

What is CVE-2025-58781?

The WTW-EAGLE App, developed by GeneralComp, lacks proper validation of server certificates. This flaw creates a potential avenue for a man-in-the-middle attacker to intercept and monitor encrypted communications, significantly compromising user privacy and security. Users are urged to remain vigilant and seek updates or patches as the vulnerability may expose sensitive information.

Affected Version(s)

WTW-EAGLE App for Android prior to 4.4.0.10

WTW-EAGLE App for iOS prior to 4.4.1

References

https://apps.apple.com/jp/app/wtw-eagle/id1365998037?uo=4

https://play.google.com/store/apps/details?id=com.general...

https://jvn.jp/en/jp/JVN89109713/

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2025
Vulnerability Reserved
Sep 5, 2025