CVE-2024-21633

HIGH NUCLEI

apktool < 2.9.2 - Path Traversal via Resource File Output Path Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-21633. PoCs published by 0x33c0unt. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2024-21633, explaining how an arbitrary file write vulnerability in Apktool can be exploited to achieve RCE in MobSF by overwriting the jadx binary. The writeup includes a step-by-step breakdown of the exploit chain, prerequisites, and the specific conditions required for successful exploitation.

Description

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.

Exploits (1)

nomisec WRITEUP 80 stars

by 0x33c0unt · poc

https://github.com/0x33c0unt/CVE-2024-21633

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2024-21633, explaining how an arbitrary file write vulnerability in Apktool can be exploited to achieve RCE in MobSF by overwriting the jadx binary. The writeup includes a step-by-step breakdown of the exploit chain, prerequisites, and the specific conditions required for successful exploitation.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Mobile Security Framework (MobSF) (versions using Apktool < 2.9.1)

No auth needed

Prerequisites: MobSF running in a Docker environment with known paths · Ability to upload a malicious APK to MobSF · Network connectivity to receive the reverse shell

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059.004 - Unix Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

MobSF - Path Traversal

HIGHVERIFIEDby Will Mccardell

FOFA: title="MobSF"

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory x_refsource_confirm

https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w

Patch x_refsource_misc

https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712

View Patch ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0132

EPSS Percentile 67.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

apktool/apktool < 2.9.2

Published Jan 03, 2024

Tracked Since Feb 18, 2026