Directory Traversal Vulnerability in MobSF Mobile Application Security Testing Tool
CVE-2025-58161
1.3LOW
What is CVE-2025-58161?
MobSF, a mobile application security testing framework, presents a directory traversal vulnerability in version 4.4.0. The flaw arises from improper handling of file path verification in the GET /download/ route, allowing an authenticated user to access files stored outside the designated download directory (DWD_DIR) by leveraging relative path structures. This could lead to unauthorized access to sensitive information, as users can retrieve files from adjacent directories that share a common prefix with the DWD_DIR path. The issue has been addressed in version 4.4.1, emphasizing the importance of timely updates to mitigate security risks.
Affected Version(s)
Mobile-Security-Framework-MobSF = 4.4.0
References
CVSS V4
Score:
1.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved