CVE-2025-24803

5.4 MEDIUM

📋 TL;DR

CVE-2025-24803 is a stored cross-site scripting (XSS) vulnerability in Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts by manipulating bundle identifiers in iOS app analysis. This affects all MobSF users performing dynamic analysis of iOS applications. The vulnerability exists because the dynamic_analysis.html file doesn't sanitize bundle ID values received from Corellium.

💻 Affected Systems

Products:
  • Mobile Security Framework (MobSF)
Versions: All versions before 4.3.1
Operating Systems: All platforms running MobSF
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iOS application analysis when using dynamic analysis features with Corellium integration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could execute arbitrary JavaScript in the context of MobSF users, potentially stealing session cookies, performing actions as authenticated users, or delivering malware.

🟠 Likely Case

Attackers could deface the MobSF interface, steal session tokens to gain unauthorized access, or redirect users to malicious sites.

🟢 If Mitigated

With proper input validation and output encoding, the attack would be prevented entirely with no impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to have control over the iOS app bundle ID being analyzed, which typically means they need to modify the Info.plist file of an app before submitting it to MobSF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.1

Vendor Advisory: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-cxqq-w3x5-7ph3

Restart Required: Yes

Instructions:

1. Back up your current MobSF installation and data.
2. Update MobSF to version 4.3.1 using pip: 'pip install --upgrade mobsf==4.3.1'.
3. Restart the MobSF service.
4. Verify the update was successful by checking the version.

🔧 Temporary Workarounds

Workaround: Disable iOS dynamic analysis
Applies to: all
Description: Temporarily disable dynamic analysis of iOS applications until patching is possible.
Action: Modify MobSF configuration to disable iOS dynamic analysis features.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with XSS protection rules
  • Restrict access to MobSF to trusted users only and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check whether the MobSF version is below 4.3.1 and whether iOS dynamic analysis is enabled.

Check Version:

mobsf --version or check the about page in the MobSF web interface

Verify Fix Applied:

Verify that the MobSF version is 4.3.1 or higher, then test iOS app analysis with special characters in the bundle ID and confirm they are rendered as literal text in the dynamic analysis page.

📡 Detection & Monitoring

Log Indicators:

  • Unusual characters in bundle ID fields
  • JavaScript execution errors in dynamic analysis logs
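The two controls this advisory describes, an allow-list on the bundle ID and output encoding before it reaches the template, together with a scan for the "unusual characters in bundle ID fields" log indicator, as an added Python example (not MobSF's own code). The log line format, the sample lines and the assumption that a bundle ID has at least two reverse-DNS labels are constructed for this example.

```python
import html
import re

# Apple bundle identifiers are reverse-DNS strings limited to ASCII
# alphanumerics, hyphens and periods. Assumption for this example: at
# least two labels (e.g. com.example.app). Anything outside this
# allow-list should never be rendered into dynamic_analysis.html raw.
BUNDLE_ID_RE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9-]*(\.[A-Za-z0-9][A-Za-z0-9-]*)+$"
)


def is_valid_bundle_id(bundle_id: str) -> bool:
    """Allow-list check on a bundle ID received from the device backend."""
    return bool(BUNDLE_ID_RE.match(bundle_id))


def render_bundle_id(bundle_id: str) -> str:
    """Output-encode the value for HTML so markup is shown as literal text."""
    return html.escape(bundle_id, quote=True)


# Constructed sample log lines (not real MobSF output), in the shape
# "<timestamp> dynamic_analysis bundle_id=<value>".
SAMPLE_LOG = """\
2025-01-10T10:00:01 dynamic_analysis bundle_id=com.example.banking
2025-01-10T10:02:17 dynamic_analysis bundle_id=com.example.app<script>x</script>
2025-01-10T10:05:42 dynamic_analysis bundle_id=org.test.demo-app
2025-01-10T10:07:03 dynamic_analysis bundle_id=com.example.app" onload="x
"""

LOG_RE = re.compile(r"bundle_id=(.*)$")


def find_suspicious_bundle_ids(log_text: str) -> list[str]:
    """Return bundle_id values that fail the allow-list (log indicator)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and not is_valid_bundle_id(m.group(1)):
            hits.append(m.group(1))
    return hits
```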

Network Indicators:

  • Suspicious outbound connections from MobSF server after iOS analysis

SIEM Query:

source="mobsf" AND ("CFBundleIdentifier" OR "bundle" OR "dynamic_analysis") AND ("<script>" OR "javascript:" OR special characters)
