CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

CVE-2025-46730

MobSF (Mobile Security Framework) versions up to 4.3.2 are vulnerable to a ZIP of Death due to missing a check on the total uncompressed size of uploaded ZIP files. An attacker can craft a small ZIP that expands to gigabytes, exhausting disk space and causing a DoS affecting MobSF and other on‑ho...