Lucene search
K

4 matches found

Veracode
Veracode
added 2025/05/12 3:4 a.m.9 views

ZIP Of Death (zip Bomb) Attack

MobSF is vulnerable to a ZIP of Death zip bomb Attack. The vulnerability is due to lack of checks on the total uncompressed size of uploaded ZIP files, allowing attackers to exhaust server disk space during extraction...

6.8CVSS6.6AI score0.00411EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/05 7:32 p.m.28 views

Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

Vulnerable MobSF Versions: = v4.3.2 Details: MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web application...

6.8CVSS6.8AI score0.00411EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/05 7:32 p.m.10 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS6.7AI score0.00411EPSS
Exploits1References2
CVE
CVE
added 2025/05/05 7:32 p.m.71 views

CVE-2025-46730

MobSF (Mobile Security Framework) versions up to 4.3.2 are vulnerable to a ZIP of Death due to missing a check on the total uncompressed size of uploaded ZIP files. An attacker can craft a small ZIP that expands to gigabytes, exhausting disk space and causing a DoS affecting MobSF and other on‑ho...

6.8CVSS6.7AI score0.00411EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder