2 matches found
CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...
CVE-2025-58161
MobSF (Mobile Security Framework) CVE-2025-58161: The 4.4.0 release exposes a directory traversal via GET /download/ caused by using os.path.commonprefix for path validation. An authenticated user can access files outside the DWD_DIR by requesting a path like /download////file (or equivalents tha...