Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 pypi packages depend on mvt (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.5.12.
DescriptionGitHub Advisory
Summary
The fileID field from Manifest.db (a SQLite database inside iOS backups, generated by the device) is used directly in filesystem path construction without validation. This affects two commands through a shared code path:
mvt-ios decrypt-backup(decrypt.py):file_idis used to construct both read source and write destination paths. Traversal sequences infile_idcause decrypted content to be written to an arbitrary location on the analyst's filesystem.mvt-ios check-backup(via_get_backup_file_from_id()inios/modules/base.py): the same unvalidatedfileIDresolves to files outside the backup directory, which are then opened and parsed. Parsed contents flow into JSON results and CSV timeline.
Impact
File write (decrypt-backup): An adversary delivering a crafted iOS backup can cause attacker controlled content to be written to arbitrary paths writable by the analyst process. This could be leveraged for code execution via shell profile modification or SSH key injection. Severity is assessed as Moderate because exploitation requires a specifically crafted malicious bundle to be parsed by the analyst. There are trust mitigations between stakeholders involved in the handoff of the sample that reduce the likelihood of this scenario.
File read (check-backup): An adversary can force MVT to open and parse files outside the backup directory. Practical exploitation is reduced as it requires the attacker to know or guess the analyst’s directory layout for cross-case targeting, and the traversed file from the host must be a valid SQLite database or plist whose schema matches what the specific MVT module expects.
Patched version
Credits
This issue was identified during a security assessment conducted by 0xche.
AnalysisAI
Path traversal in Mobile Verification Toolkit (MVT) pip/mvt versions through 2026.4.28 allows an adversary who delivers a crafted iOS backup to trigger arbitrary file writes or reads on the analyst's filesystem by embedding directory traversal sequences in fileID values within the backup's Manifest.db SQLite database. The decrypt-backup command can write attacker-controlled content to arbitrary writable paths - enabling shell profile modification or SSH key injection for code execution - while check-backup can read arbitrary host files into MVT's JSON and CSV forensic output. No public exploit has been identified at time of analysis; vendor-released patch v2026.5.12 is available.
Technical ContextAI
MVT is a Python-based forensic tool used by security analysts to examine iOS device backups for indicators of compromise such as stalkerware or nation-state spyware. iOS backups contain a SQLite database called Manifest.db that maps fileID values to backed-up device files. The root cause is CWE-22 (Path Traversal): MVT ingests the fileID field from Manifest.db and uses it directly in filesystem path construction without sanitizing traversal sequences. The vulnerability manifests in two distinct code paths - decrypt.py (decrypt-backup command) uses fileID to construct both read source and write destination paths, while _get_backup_file_from_id() in ios/modules/base.py (check-backup command) resolves fileID to open and parse files whose contents flow into JSON results and CSV timelines. The affected package is pkg:pip/mvt, confirmed by GHSA-5h3g-px23-w6vw.
RemediationAI
Upgrade MVT to version 2026.5.12 or later, which resolves the path traversal by adding validation to fileID values before filesystem path construction. Install via pip with: pip install --upgrade mvt. The patched release is available at https://github.com/mvt-project/mvt/releases/tag/v2026.5.12 and the security advisory is at https://github.com/mvt-project/mvt/security/advisories/GHSA-5h3g-px23-w6vw. If immediate patching is not feasible, restrict MVT processing to iOS backups obtained exclusively from fully trusted, controlled, and verified sources - do not process backups received from unknown or potentially adversarial parties. As a defense-in-depth compensating control, run MVT inside a container or sandbox with filesystem volume mounts restricted to only the backup directory and a designated output directory; this limits path traversal write impact to the container scope, though it adds operational overhead to the forensic workflow.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35186
GHSA-5h3g-px23-w6vw