CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24803 – Stored Cross-Site Scripting (XSS) in MobSF
https://notcve.org/view.php?id=CVE-2025-24803
05 Feb 2025 — Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24804 – Partial Denial of Service (DoS) in MobSF
https://notcve.org/view.php?id=CVE-2025-24804
05 Feb 2025 — Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24805 – Local Privilege Escalation in MobSF
https://notcve.org/view.php?id=CVE-2025-24805
05 Feb 2025 — Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83 • CWE-269: Improper Privilege Management •