CVE-2025-24805

5.5 MEDIUM

📋 TL;DR

CVE-2025-24805 is an improper privilege management vulnerability in Mobile Security Framework (MobSF) where local users with minimal privileges can misuse access tokens to access materials beyond their authorized scopes. This affects all MobSF users running versions before 4.3.1. The vulnerability allows privilege escalation within the MobSF environment.

💻 Affected Systems

Products:
  • Mobile Security Framework (MobSF)
Versions: All versions before 4.3.1
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all MobSF deployments regardless of operating system. The vulnerability exists in the framework's access control mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A local attacker could access sensitive mobile application analysis data, configuration files, or potentially modify analysis results, compromising the integrity of security assessments.

🟠 Likely Case

Unauthorized access to analysis reports, uploaded application files, or configuration data that should be restricted to higher-privileged users.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized local access to MobSF instances.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation issue requiring local access to the MobSF instance.
🏢 Internal Only: MEDIUM - Internal users with minimal access could escalate privileges within MobSF, potentially accessing sensitive analysis data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access with minimal privileges. The advisory suggests the issue is straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.1

Vendor Advisory: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-79f6-p65j-3m2m

Restart Required: Yes

Instructions:

1. Back up the current MobSF configuration and data.
2. Stop the MobSF service.
3. Update to version 4.3.1 using pip: 'pip install --upgrade mobsf==4.3.1'.
4. Restart the MobSF service.
5. Verify the update was successful.

🧯 If You Can't Patch

  • Restrict local access to MobSF instances to only trusted, necessary users.
  • Implement network segmentation to isolate MobSF instances from general user networks.

🔍 How to Verify

Check if Vulnerable:

Check the MobSF version by running 'mobsf --version' or by reading the web interface footer. If the version is below 4.3.1, the system is vulnerable.

Check Version:

mobsf --version

Verify Fix Applied:

After updating, verify that the version shows 4.3.1 or higher using the 'mobsf --version' command.
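As an added check that is not part of this advisory page or of MobSF itself, the Python below parses the version string printed by the page's 'mobsf --version' command (the exact output format is assumed) and compares it numerically against 4.3.1, so that a version such as 4.10.0 is not misread as older than 4.3.1 by a plain string comparison.

```python
import re
import subprocess

# First release containing the fix for CVE-2025-24805 (from the advisory).
FIXED_VERSION = (4, 3, 1)


def parse_version(text):
    """Extract the first dotted version number from arbitrary command output
    (e.g. "MobSF v4.3.0" or "4.2.9") and return it as a tuple of ints.
    A missing patch component is treated as 0. Comparing tuples rather than
    strings keeps 4.10.0 > 4.3.1 correct."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version_text):
    """True when the reported version is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def check_installed():
    """Run the version command named on the page and classify the result.
    The output format of 'mobsf --version' is assumed here; parse_version
    tolerates surrounding text so either stdout or stderr can carry it."""
    out = subprocess.run(["mobsf", "--version"], capture_output=True, text=True)
    return is_vulnerable(out.stdout + out.stderr)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real installation.
    for sample in ("MobSF v4.2.9", "4.3.0", "4.3.1", "MobSF 4.10.0"):
        state = "vulnerable" if is_vulnerable(sample) else "fixed"
        print(f"{sample!r:>16} -> {state}")
```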

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to restricted endpoints
  • Access attempts from low-privilege users to high-privilege resources

Network Indicators:

  • Local network connections to MobSF from unexpected user accounts

SIEM Query:

source="mobsf.log" AND (event="unauthorized_access" OR event="access_denied")
