Platform
python
Component
mobsf
Fixed in
4.3.1
CVE-2025-24805 describes a Privilege Escalation vulnerability discovered in Mobile Security Framework (MobSF) versions up to 4.3.0. This flaw allows registered users to obtain API tokens granting them all privileges within the system, potentially leading to unauthorized access and information disclosure. The vulnerability is mitigated by upgrading to version 4.3.1.
The core of this vulnerability lies in MobSF's user role management system. The system lacks sufficient controls to prevent users from acquiring API tokens with elevated privileges. An attacker, simply by registering an account, can exploit this to gain full administrative access. This access can then be used to extract sensitive data, potentially including source code, configuration files, and other confidential information processed by MobSF. The impact is amplified if MobSF is used to analyze applications containing sensitive data, as the attacker could indirectly compromise those applications as well. There's a risk of lateral movement if the attacker can leverage the compromised MobSF instance to access other systems on the network.
CVE-2025-24805 was publicly disclosed on February 5, 2025. Its CVSS score of 6.5 (MEDIUM) indicates moderate severity. No public proof-of-concept (PoC) code had been released at the time of writing, but the vulnerability's ease of exploitation suggests it could become a target for opportunistic attackers. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS
0.21% (43rd percentile)
The primary mitigation for CVE-2025-24805 is to upgrade MobSF to version 4.3.1 or later, which addresses the privilege management flaw. If upgrading immediately is not feasible, consider temporarily restricting API token generation to administrators only. Implement stricter access controls and regularly audit user roles and permissions. Monitor MobSF logs for suspicious API token usage. While a direct WAF rule is unlikely, consider implementing rules to detect unusual API request patterns originating from newly registered users. After upgrading, confirm the fix by attempting to create a new user account and verifying that the generated API token does not grant administrative privileges.
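The monitoring advice above (watch for API activity from newly registered accounts) can be turned into a simple detection. The following is an added example, not code from the advisory or from the MobSF project. It assumes a hypothetical JSON-lines audit log in which each request record carries the acting user, that user's registration time, and the request path; the sample lines are constructed for the example, and MobSF's real log format is not assumed. The endpoint names in the sample (/api/v1/upload, /api/v1/scan, /api/v1/scans, /api/v1/report_json) are MobSF REST API paths, used here only as sample data.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines in a hypothetical JSON-lines audit format.
# "mallory" registered minutes before starting to drive the REST API, which is
# the pattern the advisory says to watch for; "alice" is a long-standing user.
SAMPLE_LOG = """\
{"ts": "2025-02-06T09:00:12Z", "user": "alice", "registered_at": "2024-11-02T10:00:00Z", "method": "POST", "path": "/api/v1/upload", "status": 200}
{"ts": "2025-02-06T09:01:40Z", "user": "mallory", "registered_at": "2025-02-06T08:55:00Z", "method": "POST", "path": "/api/v1/upload", "status": 200}
{"ts": "2025-02-06T09:02:05Z", "user": "mallory", "registered_at": "2025-02-06T08:55:00Z", "method": "POST", "path": "/api/v1/scan", "status": 200}
{"ts": "2025-02-06T09:02:30Z", "user": "mallory", "registered_at": "2025-02-06T08:55:00Z", "method": "POST", "path": "/api/v1/report_json", "status": 200}
{"ts": "2025-02-06T09:03:00Z", "user": "mallory", "registered_at": "2025-02-06T08:55:00Z", "method": "POST", "path": "/api/v1/scans", "status": 200}
{"ts": "2025-02-06T09:05:00Z", "user": "bob", "registered_at": "2025-02-05T20:00:00Z", "method": "GET", "path": "/", "status": 200}
"""


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the constructed log."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_new_user_api_activity(log_text, max_account_age=timedelta(hours=24), min_calls=3):
    """Return users whose account was younger than max_account_age when they
    made at least min_calls requests to the REST API (/api/v1/...).

    Result: {user: {"calls": n, "paths": [...], "account_age_min": minutes}}
    where account_age_min is the account age at the earliest flagged call.
    """
    per_user = defaultdict(lambda: {"calls": 0, "paths": set(), "age": None})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # Only REST API traffic is of interest; UI page loads are ignored.
        if not event["path"].startswith("/api/v1/"):
            continue
        age = parse_ts(event["ts"]) - parse_ts(event["registered_at"])
        if age > max_account_age:
            continue
        record = per_user[event["user"]]
        record["calls"] += 1
        record["paths"].add(event["path"])
        record["age"] = age if record["age"] is None else min(record["age"], age)
    return {
        user: {
            "calls": rec["calls"],
            "paths": sorted(rec["paths"]),
            "account_age_min": int(rec["age"].total_seconds() // 60),
        }
        for user, rec in per_user.items()
        if rec["calls"] >= min_calls
    }


if __name__ == "__main__":
    for user, info in find_new_user_api_activity(SAMPLE_LOG).items():
        print(f"{user}: {info['calls']} API calls {info['account_age_min']} min after "
              f"registration -> {', '.join(info['paths'])}")
```

The thresholds (24 hours, 3 calls) are tuning knobs; on an instance where self-registration is open, a new account that immediately pulls scan reports via the API is worth a look regardless of whether the instance has been upgraded.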
Update MobSF to version 4.3.1 or later. This version fixes the local privilege escalation vulnerability. There are no known workarounds, so updating is the only way to mitigate the risk.
CVE-2025-24805 is a vulnerability in MobSF versions up to 4.3.0 allowing registered users to obtain API tokens with all privileges, leading to information disclosure.
You are affected if you are using MobSF version 4.3.0 or earlier. Upgrade to 4.3.1 to resolve the vulnerability.
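Whether a deployment is affected comes down to a version comparison against 4.3.1, and that comparison has to be numeric: a naive string comparison would rank a later release such as 4.10.0 below 4.3.1. The following is an added example, not code from the advisory or from MobSF, that reads a requirements.txt and reports pinned mobsf versions as affected or fixed. It assumes the PyPI distribution name mobsf, treats any non-exact specifier as unpinned (the real installed version must then be checked with pip), and strips pre-release suffixes before comparing; the sample files are constructed.

```python
import re

# Fixed version stated in the advisory: everything below it is affected.
FIXED_VERSION = (4, 3, 1)

# Constructed sample requirements files.
SAMPLE_REQUIREMENTS = """\
# constructed example, pinned to the last affected release
requests==2.32.3
mobsf==4.3.0
"""
SAMPLE_UNPINNED = "mobsf>=4.2  # constructed: range specifier, cannot decide from the file alone\n"

# name, optional operator, optional version; environment markers and comments excluded
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def parse_version(text):
    """Turn '4.3' / '4.3.0' / '4.3.1rc1' into a comparable integer tuple.

    Assumption: only the leading numeric dotted part matters; a pre-release
    suffix is dropped. Short versions are padded so that 4.3 == 4.3.0.
    """
    core = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not core:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in core.group(0).split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(version):
    """True for any mobsf release older than the fixed version."""
    return parse_version(version) < FIXED_VERSION


def check_requirements(text):
    """Return one finding per mobsf requirement line.

    status is 'affected', 'fixed', or 'unpinned' (no exact pin, so the
    installed version must be checked separately).
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # skip blanks and option lines such as -r other.txt or -e git+...
        if not line or line.startswith("-"):
            continue
        match = REQ_LINE.match(line)
        if not match:
            continue
        name, op, version = match.groups()
        if name.lower().replace("_", "-") != "mobsf":
            continue
        if op == "==" and version:
            status = "affected" if is_affected(version) else "fixed"
        else:
            status = "unpinned"
        findings.append({"line": raw.strip(), "version": version or None, "status": status})
    return findings


if __name__ == "__main__":
    for finding in check_requirements(SAMPLE_REQUIREMENTS) + check_requirements(SAMPLE_UNPINNED):
        print(f"{finding['status']:9s} {finding['line']}")
```

A requirements file only describes intent; for a running instance, compare the version reported by `pip show mobsf` (or the version string MobSF displays in its UI) against 4.3.1 with the same numeric comparison.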
Upgrade MobSF to version 4.3.1 or later. As a temporary workaround, restrict API token generation to administrators only.
No active exploitation has been confirmed, but the ease of exploitation suggests it could become a target.
Refer to the MobSF release notes and security advisories on the official MobSF GitHub repository.