CVE-2025-24805

MEDIUM

Mobile Security Framework < 4.3.1 - Improper Privilege Management via Access Token

Title source: llm

Description

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-79f6-p65j-3m2m

Patch x_refsource_misc

https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0033

EPSS Percentile 25.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

opensecurity/mobile_security_framework < 4.3.1

pypi/mobsf 0 - 4.3.1PyPI

Published Feb 05, 2025

Tracked Since Feb 18, 2026