CVE-2024-41955

MEDIUM NUCLEI

Opensecurity Mobile Security Framework < 4.0.5 - Open Redirect

Title source: rule

Description

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.

Nuclei Templates (1)

Open Redirect in Login Redirect - MobSF

MEDIUMVERIFIEDby Farish

FOFA: MobSF

References (2)

[Patch] https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4

Scores

CVSS v3 5.2

EPSS 0.1480

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N

Details

CWE

CWE-601

Status published

Products (2)

opensecurity/mobile_security_framework < 4.0.5

pypi/mobsf 0 - 4.0.5PyPI

Published Jul 31, 2024

Tracked Since Feb 18, 2026