CVE-2025-24805

MEDIUM

Opensecurity Mobile Security Framework - Improper Privilege Management

Title source: rule

Description

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-79f6-p65j-3m2m

Patch x_refsource_misc

https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 42.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

opensecurity/mobile_security_framework < 4.3.1

pypi/mobsf 0 - 4.3.1PyPI

Published Feb 05, 2025

Tracked Since Feb 18, 2026