Mobile Application Security Flaw in MobSF by Mobile Security Framework
CVE-2025-24804

4.8MEDIUM

Key Information:

Vendor
Mobsf
Status
Mobile-security-framework-mobsf
Vendor
CVE Published:
5 February 2025

Summary

The Mobile Security Framework (MobSF) vulnerability arises when an attacker alters the bundle identifier in the Info.plist file to include special characters not permitted by Apple's guidelines. This manipulation leads to parsing errors, resulting in content not being displayed and a 500 error being thrown. Removal of the affected application is necessary to restore functionality. This flaw has been addressed in version 4.3.1, and users are strongly encouraged to upgrade to mitigate potential risks.

Affected Version(s)

Mobile-Security-Framework-MobSF = 4.3.0

References

https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
x_refsource_CONFIRM
https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
x_refsource_MISC
https://developer.apple.com/documentation/bundleresources...
x_refsource_MISC

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.