CNNVD-202509-224 Information

CNNVD ID

CNNVD-202509-224

CVE-2025-58161

  • CNNVD Published: 2025-09-02

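Description (translated from Chinese)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis and security assessment, and can perform static and dynamic analysis. Mobile Security Framework version 4.4.0 has a path traversal vulnerability, which stems from improper path validation in the GET /download/ route and may lead to directory traversal and data leakage.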

Description (English)

Mobile Security Framework (MobSF) is an automated, integrated mobile application from the Mobile Security Framework open-source project. It can be used for penetration testing, malware analysis and security assessment, and performs static and dynamic analysis. Mobile Security Framework version 4.4.0 has a path traversal vulnerability, which stems from improper validation of the GET /download/ route path and may lead to directory traversal and data leakage.

Hazard Level

High

Vulnerability Type

Path traversal

Affected Vendor

Mobile Security Framework

Published

2025-09-02

Last Modified

2026-02-24

References

  • https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-ccc3-fvfx-mw3v
  • https://github.com/MobSF/Mobile-Security-Framework-MobSF/releases/tag/v4.4.1
  • https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/7f3bc086c028c1b50889cab8a15f7b59b7abdaf9
  • https://access.redhat.com/security/cve/cve-2025-58161
  • https://nvd.nist.gov/vuln/detail/CVE-2025-58161

Patch

https://github.com/MobSF/Mobile-Security-Framework-MobSF/releases
