mobsf
Fixed in: 4.3.3, 4.3.2
CVE-2025-31116 is a critical Server-Side Request Forgery (SSRF) vulnerability in Mobile Security Framework (MobSF). The flaw lets an attacker use DNS rebinding to get past the hostname validation that is meant to block requests to internal addresses, and so reach internal resources. It affects MobSF versions up to 4.3.0; a fix is available in version 4.3.2.
An attacker exploiting CVE-2025-31116 can use DNS rebinding to bypass the intended mitigation and make the MobSF server issue requests to internal services or resources that should be unreachable from outside. This could lead to unauthorized access to sensitive data, including API keys, database credentials, or internal network shares. The impact extends beyond information disclosure: an attacker could use the SSRF to perform actions on behalf of the MobSF server, such as executing commands or modifying data within internal systems. The blast radius is significant, since any internal service reachable from the MobSF server is potentially exposed.
This vulnerability is actively being tracked and considered high probability due to the ease of DNS rebinding exploitation. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of widespread exploitation. The vulnerability was publicly disclosed on 2025-03-31. It is not currently listed on CISA KEV, but its critical severity warrants monitoring.
Organizations using MobSF for mobile application security testing, particularly those with internal APIs or resources that are not publicly accessible, are at risk. Environments where MobSF is deployed with overly permissive network configurations or without proper access controls are especially vulnerable.
• python / server:

    import dns.resolver

    # Resolve a name against a local DNS server and print the current answer.
    # This only shows what the name resolves to right now; detecting rebinding
    # means comparing successive answers, because the record is what changes.
    resolver = dns.resolver.Resolver()
    resolver.nameservers = ['127.0.0.1']  # use the local DNS server
    try:
        answers = resolver.resolve('example.internal')
        for rdata in answers:
            print(rdata.to_text())
    except dns.resolver.NXDOMAIN:
        print('NXDOMAIN')
    except Exception as e:
        print(f'Error: {e}')

• generic web: Check MobSF logs for unusual outbound requests to internal or unexpected external IP addresses. Monitor network traffic for connections originating from MobSF to internal resources that should not be accessible.
Disclosure
Exploit status
EPSS: 0.31% (54th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-31116 is to upgrade MobSF to version 4.3.2 or later, which includes a corrected implementation of the valid_host() function. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) with rules to block suspicious DNS requests and restrict outbound connections from the MobSF server. Additionally, review and restrict network access rules to limit the MobSF server's ability to connect to external resources. After upgrading, verify the fix by attempting a DNS rebinding attack against the MobSF server and confirming that the request is blocked.
Update Mobile Security Framework (MobSF) to version 4.3.2 or later. This version fixes the SSRF vulnerability caused by the DNS rebinding technique in the assetlinks_check function. The update mitigates the risk of an attacker exploiting this vulnerability to make unauthorized requests from the server.
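The weakness described above (a host check followed by a separate lookup by the HTTP client) and the corrected valid_host() behaviour mentioned in the mitigation both come down to the same defensive pattern: resolve once, reject any non-public answer, and connect to the address you validated rather than letting the client resolve the name again. The following is an added, self-contained illustration of that pattern; it is not MobSF's code, and the function names (is_public_address, pin_host, pinned_request), the resolver callable and the sample addresses are assumptions constructed for the example.

```python
"""Pinned host validation against DNS rebinding (added example, not MobSF code)."""
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit, urlunsplit

# A resolver is any callable mapping a hostname to a list of address strings;
# injecting it lets the check be exercised offline with a scripted resolver.
Resolver = Callable[[str], List[str]]


def system_resolver(hostname: str) -> List[str]:
    """Return every A/AAAA address the OS resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses.

    Private, loopback, link-local, CGNAT (100.64/10), documentation, reserved
    and multicast ranges are rejected, and an IPv4-mapped IPv6 literal such as
    ::ffff:10.0.0.1 is judged as its IPv4 form.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def pin_host(hostname: str, resolve: Resolver = system_resolver) -> str:
    """Resolve hostname exactly once, reject it if ANY answer is non-public,
    and return the single address the caller must connect to.

    Validating the name and then letting the HTTP client resolve it again
    leaves a time-of-check/time-of-use window: the second answer can differ
    from the first, which is exactly what DNS rebinding exploits. Returning a
    pinned address closes that window.
    """
    literal = hostname.strip("[]")
    try:
        ipaddress.ip_address(literal)
        addrs = [literal]                      # an IP literal needs no lookup
    except ValueError:
        addrs = resolve(hostname)
    if not addrs:
        raise ValueError(f"{hostname!r}: no addresses")
    non_public = [a for a in addrs if not is_public_address(a)]
    if non_public:
        raise ValueError(f"{hostname!r} resolves to non-public {non_public}")
    return addrs[0]


def pinned_request(url: str, resolve: Resolver = system_resolver) -> Tuple[str, Dict[str, str]]:
    """Rewrite url so the client connects to the pinned IP while the original
    hostname is kept in the Host header (for HTTPS the client must also use
    that hostname for SNI and certificate verification)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL {url!r}")
    addr = pin_host(parts.hostname, resolve)
    host_literal = f"[{addr}]" if ":" in addr else addr
    netloc = host_literal if parts.port is None else f"{host_literal}:{parts.port}"
    pinned = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return pinned, {"Host": parts.netloc}


def rebinding_resolver(answers: List[List[str]]) -> Resolver:
    """Constructed test double: hands out the next answer list on each call,
    imitating a record that changes between lookups."""
    calls = iter(answers)

    def resolve(_hostname: str) -> List[str]:
        return next(calls)

    return resolve


if __name__ == "__main__":
    # Constructed sample: a public address on the first lookup, loopback on the second.
    flipping = rebinding_resolver([["1.2.3.4"], ["127.0.0.1"]])
    url, headers = pinned_request("https://app.example/.well-known/assetlinks.json", flipping)
    print(url, headers)  # the client connects to 1.2.3.4; the changed record is never consulted
    try:
        pinned_request("http://localhost:8000/admin", rebinding_resolver([["127.0.0.1"]]))
    except ValueError as err:
        print("rejected:", err)
```

The check rejects a name if any of its answers is non-public rather than only the first one, because a client may fall back to a later address in the list; and the pinned address is returned as the connect target instead of a boolean, so there is no way for a caller to "validate then re-resolve" by accident.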
CVE-2025-31116 is a critical SSRF vulnerability in MobSF versions up to 4.3.0, allowing attackers to bypass mitigation and access internal resources via DNS rebinding.
Yes, if you are using MobSF version 4.3.0 or earlier, you are vulnerable to this SSRF attack.
Upgrade MobSF to version 4.3.2 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround if upgrading is not immediately possible.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks.
Refer to the MobSF project's official security advisories and release notes for detailed information and updates regarding CVE-2025-31116.