CVE-2025-24804
CVE-2025-24804 affects MobSF (Mobile Security Framework). A flaw in the Info.plist CFBundleIdentifier parsing allows an attacker to inject special characters into the bundle ID, causing the application to fail to render content and throw a 500 error (DoS-like unavailability). The vulnerability is...
CVE-2025-24804 Partial Denial of Service (DoS) in MobSF
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, it must contain only alphanumeric characters A–Z, a–z, and 0–9, hyphens -, and...
CVE-2025-24805 Local Privilege Escalation in MobSF
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted...
CVE-2025-24805
CVE-2025-24805 concerns the Mobile Security Framework (MobSF). A local-privilege issue affects users with minimal privileges who can obtain an API token with elevated privileges, enabling access to materials scoped beyond their rights via the token mechanism (notably involving the /source_code/to...
CVE-2024-43399
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
CVE-2024-29190
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
CVE-2024-54000
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allow_redirects=True, which allows a server-side reque...
Mobile Security Framework Security Vulnerability
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
Mobile Security Framework Cross-Site Scripting Vulnerability
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. Mobile Security Framework MobSF suffers...
Mobile Security Framework Security Vulnerability
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...
PT-2025-5746 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to...
PT-2025-5745
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue concerns a stored cross-site scripting (XSS) vulnerability in the iOS Dynamic Analyzer functionality of the Mobile Security Framework (MobSF). According to Apple's...
PT-2025-5747 · Unknown · Mobile Security Framework
Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions prior to 4.3.1 Description: The issue allows a local user with minimal privileges to use an access token for materials for scopes which it should not be accepted. This is due to improper privilege...
CVE-2024-53999
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
CISA: International Chemical Security Framework
Server-Side Request Forgery (SSRF)
Mobile Security Framework (MobSF) is vulnerable to a Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of HTTP redirects in the checkurl method, where the requests.get function is configured with allow_redirects=True. This allows an SSRF when a request to...
Cross-site Scripting (XSS)
Mobile Security Framework (MobSF) is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of filenames, allowing malicious users to upload script files that can execute when the "Diff or Compare" functionality is used...
USN-7139-1: Apache Shiro vulnerability
It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Summary: The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerabilit...