Fixed in: 4.3.3, 4.3.2
CVE-2025-31116 represents a critical Server-Side Request Forgery (SSRF) vulnerability discovered in Mobile Security Framework (MobSF). This flaw allows attackers to potentially bypass existing mitigation measures and access internal resources by exploiting DNS rebinding techniques. The vulnerability affects versions of MobSF up to 4.3.0, and a fix is available in version 4.3.2.
The SSRF vulnerability in MobSF allows an attacker to craft requests that appear to originate from within the MobSF environment. The mitigation relies on socket.gethostbyname(), which is susceptible to DNS rebinding: the address that passes the check is not necessarily the address the subsequent request connects to, because the hostname is resolved again when the connection is made, so an attacker who controls the DNS records can answer with a public address for the check and an internal one for the request. This could lead to unauthorized access to sensitive data, including internal APIs, databases, or cloud resources. Successful exploitation could enable attackers to perform reconnaissance, escalate privileges, or even gain complete control over affected systems. The potential blast radius is significant, especially in environments where MobSF is used to analyze mobile applications with access to sensitive internal infrastructure.
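The resolve-then-request gap described above, as an added example that is not MobSF's own code: a naive check that validates whatever gethostbyname() returns and then lets the HTTP client resolve again, beside a hardened variant that pins the connection to the address it validated. RebindingResolver, naive_check and pinned_target are hypothetical names, and the addresses are constructed samples.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def is_internal(ip: str) -> bool:
    """True for loopback, private, link-local and other non-public addresses."""
    return not ipaddress.ip_address(ip).is_global


def naive_check(hostname: str, resolve=socket.gethostbyname) -> bool:
    """Vulnerable pattern: resolve, validate the result, then let the HTTP
    client resolve the same name again when it connects.  A rebinding name can
    answer a public address here and an internal one on the next lookup."""
    return not is_internal(resolve(hostname))


def pinned_target(url: str, resolve=socket.gethostbyname) -> dict:
    """Hardened pattern: resolve once, validate that address, and hand the
    caller the validated IP so the connection is made to it (with the original
    hostname kept for the Host header / SNI) instead of resolving again."""
    parts = urlsplit(url)
    host = parts.hostname
    ip = resolve(host)
    if is_internal(ip):
        raise ValueError(f"refusing non-public address {ip} for {host}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {"connect_ip": ip, "port": port, "host_header": host,
            "path": parts.path or "/"}


class RebindingResolver:
    """Constructed stand-in for a rebinding DNS name: each lookup returns the
    next answer in the list, and the last answer is repeated from then on."""
    def __init__(self, answers):
        self.answers = list(answers)

    def __call__(self, hostname: str) -> str:
        return self.answers.pop(0) if len(self.answers) > 1 else self.answers[0]


def demo() -> tuple:
    """First lookup is public (1.2.3.4, constructed), later lookups are loopback."""
    resolve = RebindingResolver(["1.2.3.4", "127.0.0.1"])
    passed = naive_check("rebind.example", resolve)  # True: the check saw 1.2.3.4
    client_sees = resolve("rebind.example")          # the HTTP client's own lookup
    pinned = pinned_target("https://rebind.example/.well-known/assetlinks.json",
                           RebindingResolver(["1.2.3.4", "127.0.0.1"]))
    return passed, client_sees, pinned["connect_ip"]


if __name__ == "__main__":
    print(demo())
```

For the pinning to hold, the HTTP client must then open its socket to connect_ip while sending host_header as the Host header and TLS SNI.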
This vulnerability is publicly known and has a high probability of exploitation due to the ease of DNS rebinding attacks. No public exploits have been widely reported as of the publication date, but the vulnerability's severity and ease of exploitation make it a high-priority target. It was disclosed on 2025-03-31. The EPSS score is likely to be high, reflecting the potential for widespread exploitation.
Organizations using MobSF for mobile application security testing, particularly those with internal APIs or resources that are not publicly accessible, are at risk. Environments where MobSF is deployed with overly permissive network configurations or without proper access controls are especially vulnerable.
• python / server:

    import dns.resolver  # dnspython

    # Resolve a hostname against the local resolver and print its A records.
    # Repeating the lookup and comparing answers over time shows whether the
    # name's records change between resolutions, the symptom of DNS rebinding.
    resolver = dns.resolver.Resolver()
    resolver.nameservers = ['127.0.0.1']  # use the local DNS server
    try:
        answers = resolver.resolve('example.internal')
        print([rdata.address for rdata in answers])
    except dns.resolver.NXDOMAIN:
        print('NXDOMAIN')
    except Exception as e:
        print(f'Error: {e}')

• generic web: Check MobSF logs for unusual outbound requests to internal or unexpected external IP addresses. Monitor network traffic for connections originating from MobSF to internal resources that should not be accessible.
EPSS: 0.31% (54th percentile)
The primary mitigation for CVE-2025-31116 is to upgrade MobSF to version 4.3.2 or later, which includes a corrected implementation that prevents DNS rebinding attacks. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to block suspicious outbound requests, particularly those involving unusual hostnames or IP addresses. Additionally, restrict network access to MobSF to only authorized users and systems. Review and harden the network configuration to minimize the potential impact of a successful SSRF attack. After upgrading, confirm the fix by attempting a DNS rebinding attack against MobSF and verifying that the requests are properly blocked.
Update Mobile Security Framework (MobSF) to version 4.3.2 or later. This version fixes the SSRF vulnerability caused by the DNS rebinding technique in the assetlinks_check function. The update mitigates the risk of an attacker exploiting this vulnerability to make unauthorized requests from the server.
CVE-2025-31116 is a critical SSRF vulnerability in MobSF versions up to 4.3.0, allowing attackers to bypass mitigation and access internal resources via DNS rebinding.
Yes, if you are using MobSF version 4.3.0 or earlier, you are vulnerable to this SSRF attack.
Upgrade MobSF to version 4.3.2 or later to resolve the vulnerability. Consider WAF rules as a temporary workaround if upgrading is not immediately possible.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks.
Refer to the MobSF project's official security advisories and release notes for detailed information and updates regarding CVE-2025-31116.