Platform: python
Component: mobsf
Fixed in: 4.3.1
CVE-2025-24805 describes a Privilege Escalation vulnerability discovered in Mobile Security Framework (MobSF) versions up to 4.3.0. This flaw allows registered users to obtain API tokens granting them all privileges within the system, potentially leading to unauthorized access and information disclosure. The vulnerability is mitigated by upgrading to version 4.3.1.
The core of this vulnerability lies in MobSF's user role management system. Although the system is designed to separate users by role, the implementation is flawed, allowing any registered and authorized user to easily obtain an API token with administrator-level privileges. This effectively bypasses the intended access controls. An attacker holding such a token could access sensitive data within MobSF, potentially including source code analysis results, reports, and configuration details. The impact is primarily information disclosure, but the elevated privileges could also be leveraged for further malicious actions within the MobSF environment, such as modifying configurations or creating new users.
CVE-2025-24805 was publicly disclosed on February 5, 2025. The vulnerability has a CVSS score of 6.5 (MEDIUM), indicating a moderate risk. No public proof-of-concept (PoC) code has been released as of this writing, but the ease of exploitation described in the vulnerability description suggests a potential for rapid exploitation if a PoC is developed. It is not currently listed on CISA KEV.
Organizations using MobSF to analyze mobile applications, particularly those handling sensitive data, are at risk. Teams relying on MobSF for automated security assessments and continuous integration/continuous delivery (CI/CD) pipelines are especially vulnerable, as a compromised MobSF instance could introduce vulnerabilities into the build process.
• python / server:
  grep -r 'API_TOKEN_GENERATION_ENABLED' /opt/mobsf/config.py
• python / server:
  journalctl -u mobsf | grep -i "API token generated"
• generic web:
  curl -I http://<mobsf_server>/api/v1/users/me/token
disclosure
Exploit status:
EPSS: 0.21% (43rd percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-24805 is to upgrade MobSF to version 4.3.1 or later, which contains the fix for the privilege escalation vulnerability. If upgrading immediately is not feasible, consider restricting API token generation to specific, trusted users. Implement stricter access controls and auditing of API token usage. Regularly review user roles and permissions to ensure they align with the principle of least privilege. While a direct WAF rule is unlikely, monitoring API token requests for unusual patterns could provide an early warning sign of exploitation.
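As an added example that is not part of this advisory or of MobSF itself, the following Python script performs the kind of audit described above (and the `journalctl ... "API token generated"` check in the detection list) over a few constructed log lines: it flags every API token generation performed by an account whose role is outside an allow-list, and counts token generations per user so that unusual patterns stand out. The log field layout (`user=`, `role=`, `event=`) is an assumption made for this illustration; substitute a regex for the real MobSF log format before use.

```python
"""Flag API-token generation events that fall outside an allow-list of roles.

Added example, not MobSF code. The log line format below is constructed for
this illustration; adapt LINE_RE to whatever the real MobSF log emits.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample log lines; the field layout is an assumption, not MobSF's real format.
SAMPLE_LOG = """\
2025-02-06T09:58:01Z INFO user=admin role=admin event=login
2025-02-06T10:01:12Z INFO user=alice role=viewer event=api_token_generated
2025-02-06T10:01:13Z INFO user=alice role=viewer event=api_token_generated
2025-02-06T10:02:40Z INFO user=admin role=admin event=api_token_generated
2025-02-06T10:05:09Z INFO user=bob role=maintainer event=api_token_generated
2025-02-06T10:07:00Z INFO user=alice role=viewer event=scan_started
"""

# timestamp, level, then key=value fields in a fixed order (assumed layout)
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+user=(?P<user>\S+)\s+role=(?P<role>\S+)\s+event=(?P<event>\S+)"
)


def parse_line(line: str) -> Dict[str, str]:
    """Return the named fields of one log line, or an empty dict if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else {}


def suspicious_token_events(
    log: str, allowed_roles: Tuple[str, ...] = ("admin",)
) -> List[Tuple[str, str, str]]:
    """Return (timestamp, user, role) for each token generation by a non-allowed role."""
    hits = []
    for line in log.splitlines():
        rec = parse_line(line)
        if rec.get("event") == "api_token_generated" and rec.get("role") not in allowed_roles:
            hits.append((rec["ts"], rec["user"], rec["role"]))
    return hits


def token_generation_counts(log: str) -> Dict[str, int]:
    """Count token generations per user; a sudden spike is a pattern worth reviewing."""
    counts: Counter = Counter()
    for line in log.splitlines():
        rec = parse_line(line)
        if rec.get("event") == "api_token_generated":
            counts[rec["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for ts, user, role in suspicious_token_events(SAMPLE_LOG):
        print(f"ALERT {ts}: API token generated by {user} (role={role})")
    print("token generations per user:", token_generation_counts(SAMPLE_LOG))
```

Run against the real log by piping `journalctl -u mobsf` output into `suspicious_token_events` after adjusting `LINE_RE`; the allow-list should contain only the roles that are permitted to mint tokens under the access policy you enforce after upgrading.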
Upgrade MobSF to version 4.3.1 or later. This version fixes the local privilege escalation vulnerability. There are no known workarounds, so upgrading is the only way to mitigate the risk.
CVE-2025-24805 is a vulnerability in MobSF versions up to 4.3.0 allowing registered users to obtain API tokens with all privileges, leading to information disclosure.
You are affected if you are using MobSF version 4.3.0 or earlier. Upgrade to 4.3.1 to resolve the vulnerability.
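As an added example (not part of the advisory and not MobSF code), the following Python script applies the affected-version rule above to a `requirements.txt`: it reports "affected" when the `mobsf` package is pinned below 4.3.1, "fixed" at 4.3.1 or later, "unpinned" when a range specifier makes the installed version undeterminable, and "absent" when the package is not listed. It assumes the dependency appears as `mobsf==X.Y.Z` on its own line; the sample requirement strings are constructed for the illustration.

```python
"""Check a requirements.txt pin of the mobsf package against the fixed version.

Added example, not part of the advisory or of MobSF itself. Assumes the package
is pinned as `mobsf==X.Y.Z`; unpinned or range specifiers are reported as such
rather than guessed.
"""
import re
from typing import Optional, Tuple

FIXED_VERSION = (4, 3, 1)  # first fixed release named in the advisory

# Constructed sample requirement files for illustration.
SAMPLE_REQS_AFFECTED = "django==4.2\nmobsf==4.3.0  # pinned\nrequests>=2.31\n"
SAMPLE_REQS_FIXED = "mobsf == 4.3.1\n"
SAMPLE_REQS_UNPINNED = "mobsf>=4.2\n"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version ('4.3.0') into a comparable tuple of ints."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def find_mobsf_requirement(requirements: str) -> Optional[Tuple[str, str]]:
    """Return (operator, version) for the mobsf line, ('', '') if bare, None if absent."""
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = re.match(r"^mobsf\s*(==|>=|<=|~=|>|<|!=)\s*([0-9][\w.\-]*)", line, re.IGNORECASE)
        if m:
            return m.group(1), m.group(2)
        if re.match(r"^mobsf\s*$", line, re.IGNORECASE):
            return ("", "")
    return None


def assess(requirements: str) -> str:
    """Classify a requirements file as affected / fixed / unpinned / absent."""
    req = find_mobsf_requirement(requirements)
    if req is None:
        return "absent"
    op, ver = req
    if op != "==":
        return "unpinned"  # only an exact pin tells us what is actually installed
    parsed = parse_version(ver)
    padded = parsed + (0,) * (3 - len(parsed))  # treat '4.3' as '4.3.0'
    return "affected" if padded < FIXED_VERSION else "fixed"


if __name__ == "__main__":
    for name, reqs in [
        ("affected", SAMPLE_REQS_AFFECTED),
        ("fixed", SAMPLE_REQS_FIXED),
        ("unpinned", SAMPLE_REQS_UNPINNED),
    ]:
        print(f"{name:>9}: {assess(reqs)}")
```

An "unpinned" result is not a clean bill of health: confirm the installed version with `pip show mobsf` on the host, since a range such as `>=4.2` may resolve to an affected release in an older environment.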
Upgrade MobSF to version 4.3.1 or later. As a temporary workaround, restrict API token generation to administrators only.
No active exploitation has been confirmed, but the ease of exploitation suggests it could become a target.
Refer to the MobSF release notes and security advisories on the official MobSF GitHub repository.