CVE-2025-31116

Medium CVSS: 4.4

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.

Vendor

Opensecurity

Product

Mobile Security Framework

CWE

CWE-918

Yayın Tarihi

2025-03-31 17:15:42

Güncelleme

2025-06-12 19:43:33

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Mobile Security Framework MEDIUM Opensecurity 2025

Referanslar

https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fe13be4631b82d82186e0d3bd https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56 https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56

Benzer Kayıtlar

Medium

CVE-2026-33545

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqlite()` function in `m…

High

CVE-2026-24490

MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vu…

Low

CVE-2025-58161

MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path ve…

Medium

CVE-2025-58162

MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a special…

Medium

CVE-2025-46730

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-…

High

CVE-2025-46335

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo…