Directory Traversal Vulnerability in MobSF Mobile Application Security Testing Tool
CVE-2025-58161

1.3LOW

Key Information:

Vendor

Mobsf

Status
Mobile-security-framework-mobsf
Vendor
CVE Published:
2 September 2025

What is CVE-2025-58161?

MobSF, a mobile application security testing framework, presents a directory traversal vulnerability in version 4.4.0. The flaw arises from improper handling of file path verification in the GET /download/ route, allowing an authenticated user to access files stored outside the designated download directory (DWD_DIR) by leveraging relative path structures. This could lead to unauthorized access to sensitive information, as users can retrieve files from adjacent directories that share a common prefix with the DWD_DIR path. The issue has been addressed in version 4.4.1, emphasizing the importance of timely updates to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mobile-Security-Framework-MobSF = 4.4.0

References

https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
x_refsource_CONFIRM
https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
x_refsource_MISC
https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
x_refsource_MISC

CVSS V4

Score:
1.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.