Platform: python
Component: mobsf
Fixed in: 4.3.3, 4.3.2
CVE-2025-31116 is a critical Server-Side Request Forgery (SSRF) vulnerability in Mobile Security Framework (MobSF). The flaw lets an attacker bypass the existing SSRF mitigation and reach internal resources by using DNS rebinding. The vulnerability affects MobSF versions up to 4.3.0, and a fix is available in version 4.3.2.
The SSRF vulnerability in MobSF allows an attacker to craft requests that are issued from within the MobSF environment. The mitigation validates the address returned by socket.gethostbyname(), but that lookup is separate from the one the HTTP client performs when it connects, so an attacker who controls a DNS zone can answer the check with a harmless address and the subsequent connection with an internal one (DNS rebinding). This could lead to unauthorized access to sensitive data, including internal APIs, databases, or cloud resources. Successful exploitation could enable attackers to perform reconnaissance, escalate privileges, or even gain complete control over affected systems. The potential blast radius is significant, especially in environments where MobSF is used to analyze mobile applications with access to sensitive internal infrastructure.
This vulnerability is publicly known and has a high probability of exploitation due to the ease of DNS rebinding attacks. No public exploits have been widely reported as of the publication date, but the vulnerability's severity and ease of exploitation make it a high-priority target. It was disclosed on 2025-03-31. The EPSS score is likely to be high, reflecting the potential for widespread exploitation.
Exploit Status
EPSS: 0.31% (54th percentile)
The primary mitigation for CVE-2025-31116 is to upgrade MobSF to version 4.3.2 or later, which includes a corrected implementation that prevents DNS rebinding attacks. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block suspicious outbound requests, particularly those involving unusual hostnames or IP addresses. Additionally, restrict network access to MobSF to only authorized users and systems. Review and harden the network configuration to minimize the potential impact of a successful SSRF attack. After upgrading, confirm the fix by attempting a DNS rebinding attack against MobSF and verifying that the requests are properly blocked.
Update Mobile Security Framework (MobSF) to version 4.3.2 or higher. This version corrects the SSRF vulnerability caused by DNS rebinding in the assetlinks_check function. The update mitigates the risk of an attacker exploiting this vulnerability to perform unauthorized requests from the server.
CVE-2025-31116 is a critical SSRF vulnerability in MobSF versions up to 4.3.0, allowing attackers to bypass mitigation and access internal resources via DNS rebinding.
Yes, if you are using MobSF version 4.3.0 or earlier, you are vulnerable to this SSRF attack.
Upgrade MobSF to version 4.3.2 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround if upgrading is not immediately possible.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks.
Refer to the MobSF project's official security advisories and release notes for detailed information and updates regarding CVE-2025-31116.