CVE-2025-24805

High CVSS: 8.5

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor

Opensecurity

Product

Mobile Security Framework

CWE

CWE-269

Yayın Tarihi

2025-02-05 19:15:46

Güncelleme

2025-05-23 17:01:45

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-269 Mobile Security Framework HIGH Opensecurity 2025

Referanslar

https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83 https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-79f6-p65j-3m2m

Benzer Kayıtlar

Medium

CVE-2026-33545

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqlite()` function in `m…

High

CVE-2026-24490

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vu…

Low

CVE-2025-58161

MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path ve…

Medium

CVE-2025-58162

MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a special…

Medium

CVE-2025-46730

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-…

High

CVE-2025-46335

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo…