📦 Mobile Security Framework
by Opensecurity
⚠️ Known Vulnerabilities
MobSF versions before 4.2.9 have a stored XSS vulnerability in the 'Diff or Compare' functionality. Attackers can upload malicious script files that execute when users access the comparison feature, p...
This vulnerability allows server-side request forgery (SSRF) in Mobile Security Framework (MobSF) versions before 3.9.7. Attackers can exploit a redirect handling flaw in the _check_url method to make...
This vulnerability in MobSF allows attackers to bypass Zip Slip protections during static library analysis, enabling arbitrary file extraction to any location on the server. It affects all MobSF insta...
This CVE describes a server-side request forgery (SSRF) vulnerability in Mobile Security Framework (MobSF) versions 3.9.5 Beta and prior. The vulnerability allows attackers to make the MobSF server se...
Mobile Security Framework (MobSF) versions up to v3.7.8 Beta have insecure default permissions that allow unauthorized access to the application. This affects organizations using MobSF for mobile appl...
CVE-2025-58162 is an arbitrary file write vulnerability in MobSF version 4.4.0. Authenticated users can upload specially crafted files to write arbitrary content to any directory writable by the MobSF...
A stored cross-site scripting (XSS) vulnerability in Mobile Security Framework (MobSF) allows attackers to inject malicious scripts via SVG files during Android APK analysis. When exploited, this coul...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Mobile Security Framework (MobSF) where the mitigation for a previous SSRF vulnerability (CVE-2024-29190) was insufficient. The...
CVE-2025-24803 is a stored cross-site scripting (XSS) vulnerability in Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts by manipulating bundle identifiers in iOS app...
CVE-2025-24805 is an improper privilege management vulnerability in Mobile Security Framework (MobSF) where local users with minimal privileges can misuse access tokens to access materials beyond thei...