Skip to main content

Mobile Security Framework CVE-2025-24804

MEDIUM
Improper Validation of Specified Type of Input (CWE-1287)
2025-02-05 security-advisories@github.com
4.8
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:25 vuln.today
Patch released
Mar 28, 2026 - 18:25 nvd
Patch available
PoC Detected
May 23, 2025 - 17:18 vuln.today
Public exploit code
CVE Published
Feb 05, 2025 - 19:15 nvd
MEDIUM 4.8

DescriptionGitHub Advisory

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A-Z, a-z, and 0-9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the Info.plist file and add special characters to the <key>CFBundleIdentifier</key> value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

AnalysisAI

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1287. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A-Z, a-z, and 0-9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the Info.plist file and add special characters to the <key>CFBundleIdentifier</key> value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Affected products include: Opensecurity Mobile Security Framework. Version information: version 4.3.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-43399 CRITICAL POC
9.8 Aug 19

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2025-46335 HIGH POC
8.6 May 05

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo

CVE-2026-24490 HIGH POC
8.1 Jan 27

MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes

CVE-2024-29190 HIGH POC
7.5 Mar 22

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2023-42261 HIGH POC
7.5 Sep 21

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), t

CVE-2022-41547 HIGH POC
7.5 Oct 18

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability

CVE-2025-46730 MEDIUM POC
6.8 May 05

MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.8), this vulnerability is remote

CVE-2024-53999 MEDIUM POC
5.4 Dec 03

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2024-41955 MEDIUM POC
5.4 Jul 31

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo

CVE-2025-31116 MEDIUM POC
4.4 Mar 31

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2024-54000 HIGH
7.5 Dec 03

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2025-58161 LOW POC
1.3 Sep 02

MobSF is a mobile application security testing tool used. Rated low severity (CVSS 1.3), this vulnerability is remotely

Share

CVE-2025-24804 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy