Mobile Security Framework Security Vulnerabilities and Issues — Mobile Security Framework CVE List

Lucene search

OpensecurityMobile Security Framework

16 matches found

CVE•added 2024/03/22 11:15 p.m.•67 views

CVE-2024-29190

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS7.3AI score0.00314EPSS

CVE•added 2024/12/03 4:15 p.m.•63 views

CVE-2024-54000

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side ...

7.5CVSS7.5AI score0.00314EPSS

CVE•added 2025/02/05 7:15 p.m.•59 views

CVE-2025-24805

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepte...

8.5CVSS6.4AI score0.00054EPSS

CVE•added 2025/03/31 5:15 p.m.•57 views

CVE-2025-31116

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. T...

9.8CVSS4.6AI score0.00314EPSS

CVE•added 2025/02/05 7:15 p.m.•55 views

CVE-2025-24804

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), ...

4.8CVSS6.5AI score0.00119EPSS

CVE•added 2025/05/05 7:15 p.m.•55 views

CVE-2025-46335

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of use...

8.6CVSS5.3AI score0.00054EPSS

CVE•added 2024/04/04 4:15 p.m.•54 views

CVE-2024-31215

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile.A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructu...

6.3CVSS6AI score0.00105EPSS

CVE•added 2023/09/21 10:15 p.m.•51 views

CVE-2023-42261

Mobile Security Framework (MobSF)

7.5CVSS7.7AI score0.0016EPSS

CVE•added 2025/02/05 7:15 p.m.•50 views

CVE-2025-24803

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), ...

8.4CVSS6.2AI score0.00059EPSS

Web

CVE•added 2025/05/05 8:15 p.m.•49 views

CVE-2025-46730

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external ve...

6.8CVSS6.7AI score0.0009EPSS

CVE•added 2024/07/31 8:15 p.m.•46 views

CVE-2024-41955

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.

5.4CVSS5.2AI score0.11321EPSS

CVE•added 2022/10/18 3:15 p.m.•44 views

CVE-2022-41547

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.

7.5CVSS7.3AI score0.03276EPSS

CVE•added 2024/08/19 3:15 p.m.•42 views

CVE-2024-43399

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure in...

9.8CVSS7.6AI score0.0009EPSS

CVE•added 2024/12/03 4:15 p.m.•42 views

CVE-2024-53999

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS7.2AI score0.00567EPSS

CVE•added 2025/09/02 1:15 a.m.•6 views

CVE-2025-58161

MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute path...

5.3CVSS6.2AI score0.00155EPSS

CVE•added 2025/09/02 1:15 a.m.•5 views

CVE-2025-58162

MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.

6.5CVSS6.3AI score0.00073EPSS