CVE-2025-58162

6.5 MEDIUM

📋 TL;DR

CVE-2025-58162 is an arbitrary file write vulnerability in MobSF version 4.4.0. Authenticated users can upload specially crafted files to write arbitrary content to any directory writable by the MobSF process. This affects organizations using MobSF 4.4.0 for mobile application security testing.

💻 Affected Systems

Products:
  • Mobile Security Framework (MobSF)
Versions: 4.4.0 only
Operating Systems: All platforms running MobSF
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations where authenticated users can upload files.

📦 What is this software?

Mobile Security Framework (MobSF) is an open-source, automated framework for static and dynamic security analysis of mobile applications (Android, iOS and Windows). It runs as a Django web service with a REST API; analysts and CI pipelines upload APK, IPA and source bundles to it for scanning, and that upload path is where this vulnerability sits. It is typically deployed from a git checkout, the mobsf PyPI package, or the official Docker image.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the MobSF host through remote code execution: if the service account can write into the installation tree, an attacker overwrites Python source or templates that the running server loads later, or drops files into locations the OS executes (cron directories, the service user's shell startup files, authorized_keys).

🟠

Likely Case

The attacker overwrites files the service account already owns: scan results and the SQLite database under the data directory, or the installation itself where it is writable. The result is data corruption, denial of service, or persistence as the service account, which becomes privilege escalation only if MobSF runs as root.

🟢

If Mitigated

Limited impact if MobSF runs as a dedicated unprivileged user whose only writable location is its own data directory, since the bug cannot reach anything that account cannot write.

🌐 Internet-Facing: MEDIUM - Requires authentication but could lead to significant compromise if exposed.
🏢 Internal Only: MEDIUM - Internal attackers with credentials could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and knowledge of the target directory structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.1

Vendor Advisory: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3

Restart Required: Yes. Upgrading replaces files on disk only; the already-running server keeps executing the old code until it is restarted.

Instructions:

1. Back up the MobSF data directory (~/.MobSF by default) and any customised settings.
2. Update to 4.4.1 or later. For a pip install: pip install --upgrade mobsf. For a git checkout: check out the 4.4.1 release and re-run the setup script. For Docker: pull the 4.4.1 (or newer) image and recreate the container.
3. Restart the MobSF service so the new code is loaded, then confirm the running version with the checks under "How to Verify" rather than trusting the package manager's output alone.

🔧 Temporary Workarounds

Restrict what the MobSF process can write

Applies to: all platforms

The blast radius of this bug is exactly the set of paths the MobSF service account can write, so run MobSF as a dedicated unprivileged user and make its data directory (~/.MobSF by default) the only tree that user may write. The installed code, templates and settings must be owned by another account and not writable by the service user; otherwise a write into the install directory becomes code execution the next time the server loads that file. Note that chmod 755 on directories the service user owns does nothing here, since the owner keeps write access. Paths below assume an install under /opt/mobsf running as user mobsf; adjust to your layout.

# code, templates and settings: owned by root, readable but not writable by the service user
chown -R root:root /opt/mobsf
chmod -R go-w /opt/mobsf
# runtime data: the only tree the service user may write
chown -R mobsf:mobsf /home/mobsf/.MobSF
chmod 750 /home/mobsf/.MobSF

Containerised deployments can go further and run the image with a read-only root filesystem, mounting only the data directory writable.

Block the upload routes

Applies to: all platforms

MobSF has no configuration switch that turns uploads off; uploading apps is its core function, so this only makes sense while patching is blocked and no scans are needed. The practical equivalent is to deny the upload routes at the reverse proxy in front of MobSF (the web form posts to /upload/ and the REST API to /api/v1/upload; confirm the paths against your deployment's URL configuration), or simply stop the service until it is updated.

🧯 If You Can't Patch

  • Restrict who can authenticate: change the default mobsf/mobsf credentials (MOBSF_USER / MOBSF_PASSWD), keep the instance off the internet behind a VPN or an authenticating reverse proxy, and review who holds accounts, since any authenticated user can trigger this.
  • Run the service as a dedicated unprivileged user with write access only to its data directory, and monitor everything else that account could reach (the install tree and virtualenv, its home directory, cron and systemd unit directories) for unexpected file creation or modification.

🔍 How to Verify

Check if Vulnerable:

Read the version from the installation itself rather than from the deployment record; the common install methods each leave it in a different place.

Check Version:

# pip install
pip show mobsf
# git checkout: the constant the server reports as its version
grep -E "^VERSION" mobsf/MobSF/init.py
# Docker: run the same grep inside the container (the install path depends on the image)

Any installation reporting 4.4.0 is affected.

Verify Fix Applied:

Run the version check only after the service has been restarted, since a pip upgrade under a still-running process changes nothing until restart. Confirm the reported version is 4.4.1 or later, then run a normal scan with a known-good test app to confirm uploads and analysis still work.
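For fleet-wide checks it is easier to script the decision than to eyeball output. The block below is an added example (not the advisory's or the MobSF project's own tooling): it extracts the version from either the `VERSION = '...'` line of mobsf/MobSF/init.py (git installs) or the `Version:` line printed by `pip show mobsf` (pip installs) and classifies it against the advisory's affected and fixed versions. The two sample texts are constructed for the example and are not verbatim project files; the sort key handles the usual traps (4.10 sorting after 4.4, a 4.4.1 pre-release sorting below 4.4.1).

```python
"""Decide whether an installed MobSF is affected by CVE-2025-58162.

Added example, not the advisory's or the MobSF project's own tooling. It reads
the version from whichever artefact a host check has to hand: the
`VERSION = '...'` line of mobsf/MobSF/init.py (git installs) or the `Version:`
line printed by `pip show mobsf` (pip installs).
"""
import re
from typing import Dict, Optional, Tuple

AFFECTED = {"4.4.0"}   # the advisory lists 4.4.0 only
FIXED = "4.4.1"        # first release carrying the fix

# Constructed samples (shape only, not verbatim project files).
SAMPLE_INIT_PY = "import logging\n\nVERSION = '4.4.0'\nBANNER = 'MobSF'\n"
SAMPLE_PIP_SHOW = "Name: mobsf\nVersion: 4.4.1\nSummary: Mobile Security Framework\n"


def extract_version(text: str) -> Optional[str]:
    """Pull the version string out of init.py or `pip show` output; None if absent."""
    for pattern in (r"^VERSION\s*=\s*['\"]([^'\"]+)['\"]", r"^Version:\s*(\S+)"):
        m = re.search(pattern, text, re.MULTILINE)
        if m:
            return m.group(1)
    return None


def version_key(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Sort key: numeric parts compare numerically (4.10 > 4.4) and a
    pre-release suffix (4.4.1b1) sorts below the final release (4.4.1)."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return ((), 0, version)
    nums = tuple(int(part) for part in m.group(1).split("."))
    suffix = m.group(2)
    return (nums, 0 if suffix else 1, suffix)


def assess(text: str) -> Dict[str, Optional[str]]:
    """Classify as 'affected' (exactly 4.4.0), 'fixed' (>= 4.4.1),
    'below_fix' (not listed as affected but older than the fix, e.g. a 4.4.1
    pre-release or an older branch: treat as unverified and upgrade), or
    'unknown' when no version string was found."""
    version = extract_version(text)
    if version is None:
        return {"version": None, "status": "unknown"}
    if version in AFFECTED:
        status = "affected"
    elif version_key(version) >= version_key(FIXED):
        status = "fixed"
    else:
        status = "below_fix"
    return {"version": version, "status": status}


if __name__ == "__main__":
    for sample in (SAMPLE_INIT_PY, SAMPLE_PIP_SHOW):
        print(assess(sample))
```

Feed it the captured `pip show mobsf` output or the contents of init.py from each host; anything other than `fixed` goes on the upgrade list.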

📡 Detection & Monitoring

Log Indicators:

  • Upload requests (POST /upload/ or /api/v1/upload) from accounts or source addresses that do not normally submit apps, or at unusual hours
  • Repeated upload failures from one account followed by a success, which is what probing for a working payload looks like
  • Files appearing or changing outside the MobSF data directory: the install tree, the virtualenv, the service user's home, cron or systemd unit directories. The bug lets the process write anywhere it has permission, so that is where unexpected writes land

Network Indicators:

  • Upload requests whose multipart filename carries path separators or traversal sequences (../ or ..\), which are worth alerting on for any upload endpoint regardless of this CVE's exact trigger
  • Upload volume or timing that is out of pattern for the account

SIEM Query:

The query is a template: MobSF's own log lines vary by version, so map the quoted strings to the terms your log source actually emits. The parentheses matter; Splunk evaluates OR before AND, so the unparenthesised form silently changes meaning.

source="mobsf.log" AND (("upload" AND "success") OR "file write")
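Log lines only show that an upload happened, not where the bytes landed, so the host itself is the better sensor for this bug. The block below is an added example (not part of the advisory or of the MobSF project) of the file-system monitoring recommended above: it takes a SHA-256 baseline of everything that should be static at runtime (installed code, templates, settings, the service user's dotfiles), excludes the data directory because it legitimately churns on every scan, diffs a later snapshot against the baseline and ranks each change by whether a write there turns into code execution. The directory layout and file contents in `demo()` are constructed for the example; in production `root` is the real install and home directory of the service user.

```python
"""Hash-baseline integrity watch for a MobSF host.

Added example, not the advisory's or the MobSF project's own tooling.
CVE-2025-58162 lets an authenticated user make the MobSF process write
wherever that process has permission, so the cheapest host-side detection is
a baseline of everything that should be static and a periodic diff.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Files the running server (or the OS) will load later: a write here turns
# into code execution, so changes to them rank highest. Assumed lists.
HIGH_RISK_SUFFIXES = (".py", ".html", ".js", ".json", ".env")
HIGH_RISK_PREFIXES = (".ssh/", ".bashrc", ".profile")


def snapshot(root, exclude: Iterable[str] = ()) -> Dict[str, str]:
    """Map relative path -> sha256 for every regular file under root, skipping
    excluded subtrees and symlinks (a symlink into the data dir must not make
    a scan artefact look like a code change)."""
    base = Path(root)
    excluded = {base / e for e in exclude}
    digests: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(base, followlinks=False):
        here = Path(dirpath)
        # prune excluded subtrees in place so os.walk never descends into them
        dirnames[:] = [d for d in dirnames if (here / d) not in excluded]
        for name in filenames:
            p = here / name
            if p.is_symlink() or not p.is_file():
                continue
            digests[p.relative_to(base).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def diff(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Added, removed and modified relative paths between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def triage(changes: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Rank every change as (severity, kind, path), highest impact first."""
    findings = []
    for kind in ("added", "modified", "removed"):
        for rel in changes[kind]:
            high = rel.endswith(HIGH_RISK_SUFFIXES) or rel.startswith(HIGH_RISK_PREFIXES)
            findings.append(("high" if high else "medium", kind, rel))
    return sorted(findings)


def demo() -> List[Tuple[str, str, str]]:
    """Build a constructed MobSF-like tree in a temp dir, take a baseline,
    simulate what an abused upload could leave behind, and return the triage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in {
            "mobsf/MobSF/settings.py": b"DEBUG = False\n",
            "mobsf/templates/general/home.html": b"<html></html>\n",
            "README.md": b"MobSF\n",
            ".MobSF/uploads/a.apk": b"PK\x03\x04",
        }.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        baseline = snapshot(root, exclude=[".MobSF"])

        # Simulated writes by the service account after an abused upload.
        (root / "mobsf/MobSF/settings.py").write_bytes(b"DEBUG = True\nALLOWED_HOSTS = ['*']\n")
        (root / ".ssh").mkdir()
        (root / ".ssh/authorized_keys").write_bytes(b"ssh-ed25519 AAAA... attacker\n")
        (root / "README.md").write_bytes(b"MobSF (defaced)\n")
        (root / ".MobSF/uploads/b.apk").write_bytes(b"PK\x03\x04")   # legitimate churn, excluded

        return triage(diff(baseline, snapshot(root, exclude=[".MobSF"])))


if __name__ == "__main__":
    for severity, kind, path in demo():
        print(f"{severity:6} {kind:8} {path}")
```

Run `snapshot()` once after a clean install and store the result off-host (an attacker who can write anywhere the service user can will otherwise edit the baseline too), then diff from a cron job or systemd timer and page on any `high` finding; the `medium` ones are worth a ticket but not a wake-up.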

🔗 References

  • Vendor advisory (GHSA-9gh8-9r95-3fc3): https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-58162