Update MobSF Now: Fixes for Two Major Vulnerabilities
The Mobile Security Framework (MobSF), a widely used tool for mobile app security testing, has been found to have two critical vulnerabilities: CVE-2025-24805 and CVE-2025-24803. These security flaws could let attackers gain unauthorized access to sensitive data or disrupt the software’s normal operations. As a result, users relying on MobSF for security assessments face significant risks and should take immediate action. Addressing these vulnerabilities promptly is essential to maintaining a secure environment and preventing potential exploitation.
Vulnerabilities
CVE-2025-24805 is a local privilege escalation vulnerability discovered by Egor Filatov of Positive Technologies. The issue arises due to flawed user role management within MobSF, allowing any registered user to obtain an API token with full administrative privileges. This flaw enables a low-privileged attacker to access sensitive data or perform privileged actions that they should not be authorized to execute. Exploiting this vulnerability could compromise the confidentiality and integrity of mobile security assessments, making it crucial for users to apply the necessary security patches as soon as possible.

CVE-2025-24803 is a partial denial-of-service (DoS) vulnerability that can be triggered by specific, undisclosed network traffic. When exploited, this flaw leads to excessive memory and CPU usage, significantly degrading MobSF’s performance and responsiveness. Although it does not result in a complete system crash, it can slow down security testing processes and make the framework unreliable for users conducting mobile application security assessments. Given the importance of MobSF in identifying security risks in mobile applications, any disruption to its performance can have serious implications for organizations and security professionals who depend on it for thorough and accurate vulnerability testing.
Recommendations
The MobSF development team has acted swiftly in response to these vulnerabilities by releasing version 4.3.1, which addresses both security flaws. Users are strongly advised to update their MobSF installations immediately to mitigate the risks associated with these vulnerabilities.