Lucene search
K

99 matches found

OSV
OSV
added 2025/09/02 5:14 p.m.6 views

GHSA-CCC3-FVFX-MW3V MobSF Path Traversal in GET /download/<filename> using absolute filenames

Summary The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR e.g., .../downloadsbak,...

5.3CVSS6.9AI score0.0073EPSS
Exploits1References4
Snyk
Snyk
added 2025/09/02 5:12 p.m.8 views

Directory Traversal

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Directory...

7CVSS7.7AI score0.0056EPSS
Exploits1References2
OSV
OSV
added 2025/09/02 5:12 p.m.18 views

GHSA-9GH8-9R95-3FC3 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

Summary The vulnerability allows any user to overwrite any files available under the account privileges of the running process. Details As part of static analysis, iOS MobSF supports loading and parsing statically linked libraries .a. When parsing such archives, the code extracts the embedded...

6.5CVSS6.7AI score0.0056EPSS
Exploits1References4
NVD
NVD
added 2025/09/02 1:15 a.m.6 views

CVE-2025-58161

MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute pat...

5.3CVSS0.0073EPSS
Exploits1References3
NVD
NVD
added 2025/09/02 1:15 a.m.6 views

CVE-2025-58162

MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...

6.5CVSS0.0056EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/02 12:46 a.m.2 views

CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...

6.5CVSS6.3AI score0.0056EPSS
Exploits1References3
CVE
CVE
added 2025/09/02 12:46 a.m.26 views

CVE-2025-58162

Summary: CVE-2025-58162 affects MobSF. An authenticated user uploading a specially crafted .a archive can write arbitrary files to any location writable by the MobSF process, due to improper handling of absolute paths during AR extraction (ar_extract writes Path(dst)/filtered without validating a...

6.5CVSS6.3AI score0.0056EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/09/02 12:46 a.m.7 views

CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...

6.5CVSS6.6AI score0.0056EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/09/02 12:45 a.m.1 views

CVE-2025-58161 MobSF Path Traversal in GET /download/<filename> using absolute filenames

MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute pat...

5.3CVSS6.2AI score0.0073EPSS
Exploits1References3
Circl
Circl
added 2025/08/31 2:36 a.m.8 views

CVE-2025-58161

creationtimestamp| type| source ---|---|--- 2025-08-31 02:36:04+00:00| published-proof-of-concept| https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-ccc3-fvfx-mw3v...

5.3CVSS6AI score0.0073EPSS
Exploits1References1
Redos
Redos
added 2025/08/07 12:0 a.m.8 views

ROS-20250807-04

Git distributed version control system vulnerability in software development tools Microsoft Visual Studio is related to the use of an unreliable search path when spell checking of cloned repositories. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when clonin...

8.6CVSS8AI score0.02775EPSS
Exploits10
OSV
OSV
added 2025/06/27 8:43 p.m.5 views

GHSA-M435-9V6R-V5F6 MobSF vulnerability allows SSRF due to the allow_redirects=True parameter

Summary The fix for the "SSRF Vulnerability on assetlinkscheckactname, wellknowns" vulnerability could potentially be bypassed. Details Since the requests.get request in the checkurl method is specified as allowredirects=True, if "https://mydomain.com/.well-known/assetlinks.json" returns a 302...

7.5CVSS6.6AI score0.00407EPSS
Exploits0References5
Veracode
Veracode
added 2025/05/12 3:4 a.m.10 views

ZIP Of Death (zip Bomb) Attack

MobSF is vulnerable to a ZIP of Death zip bomb Attack. The vulnerability is due to lack of checks on the total uncompressed size of uploaded ZIP files, allowing attackers to exhaust server disk space during extraction...

6.8CVSS6.6AI score0.00411EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/07 8:12 p.m.7 views

CVE-2025-46730

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS6.7AI score0.00411EPSS
Exploits1References1
NVD
NVD
added 2025/05/05 8:15 p.m.14 views

CVE-2025-46730

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS0.00411EPSS
Exploits1References2
OSV
OSV
added 2025/05/05 7:32 p.m.32 views

GHSA-C5VG-26P8-Q8CR Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

Vulnerable MobSF Versions: = v4.3.2 Details: MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web application...

6.8CVSS6.8AI score0.00411EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/05/05 7:32 p.m.28 views

Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

Vulnerable MobSF Versions: = v4.3.2 Details: MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web application...

6.8CVSS6.8AI score0.00411EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/05/05 7:32 p.m.16 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS0.00411EPSS
Exploits1References2
OSV
OSV
added 2025/05/05 7:32 p.m.8 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS6.3AI score0.00411EPSS
Exploits1References4
CVE
CVE
added 2025/05/05 7:32 p.m.71 views

CVE-2025-46730

MobSF (Mobile Security Framework) versions up to 4.3.2 are vulnerable to a ZIP of Death due to missing a check on the total uncompressed size of uploaded ZIP files. An attacker can craft a small ZIP that expands to gigabytes, exhausting disk space and causing a DoS affecting MobSF and other on‑ho...

6.8CVSS6.7AI score0.00411EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder