cve-2025-24804

Vulnerability from cvelistv5

Published

2025-02-05 18:41

Modified

2025-02-12 19:41

Severity ?

4.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Summary

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

▼	URL	Tags
	security-advisories@github.com	https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier
	security-advisories@github.com	https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83
	security-advisories@github.com	https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr

Impacted products

	Vendor	Product	Version
	MobSF	Mobile-Security-Framework-MobSF	Version: = 4.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24804",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T19:07:14.580612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:41:05.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile-Security-Framework-MobSF",
          "vendor": "MobSF",
          "versions": [
            {
              "status": "affected",
              "version": "= 4.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple\u0027s documentation for bundle ID\u0027s, it must contain only alphanumeric characters (A\u2013Z, a\u2013z, and 0\u20139), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `\u003ckey\u003eCFBundleIdentifier\u003c/key\u003e` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-05T18:41:15.873Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr"
        },
        {
          "name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83"
        },
        {
          "name": "https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier"
        }
      ],
      "source": {
        "advisory": "GHSA-jrm8-xgf3-fwqr",
        "discovery": "UNKNOWN"
      },
      "title": "Partial Denial of Service (DoS) in MobSF"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24804",
    "datePublished": "2025-02-05T18:41:15.873Z",
    "dateReserved": "2025-01-23T17:11:35.840Z",
    "dateUpdated": "2025-02-12T19:41:05.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-24804\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-02-05T19:15:46.350\",\"lastModified\":\"2025-02-05T19:15:46.350\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple\u0027s documentation for bundle ID\u0027s, it must contain only alphanumeric characters (A\u2013Z, a\u2013z, and 0\u20139), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `\u003ckey\u003eCFBundleIdentifier\u003c/key\u003e` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"LOW\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1287\"}]}],\"references\":[{\"url\":\"https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24804\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-05T19:07:14.580612Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T19:39:18.851Z\"}}], \"cna\": {\"title\": \"Partial Denial of Service (DoS) in MobSF\", \"source\": {\"advisory\": \"GHSA-jrm8-xgf3-fwqr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"MobSF\", \"product\": \"Mobile-Security-Framework-MobSF\", \"versions\": [{\"status\": \"affected\", \"version\": \"= 4.3.0\"}]}], \"references\": [{\"url\": \"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr\", \"name\": \"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83\", \"name\": \"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier\", \"name\": \"https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple\u0027s documentation for bundle ID\u0027s, it must contain only alphanumeric characters (A\\u2013Z, a\\u2013z, and 0\\u20139), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `\u003ckey\u003eCFBundleIdentifier\u003c/key\u003e` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1287\", \"description\": \"CWE-1287: Improper Validation of Specified Type of Input\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-02-05T18:41:15.873Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-24804\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T19:41:05.675Z\", \"dateReserved\": \"2025-01-23T17:11:35.840Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-02-05T18:41:15.873Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-jrm8-xgf3-fwqr

Vulnerability from github

Published

2025-02-05 21:09

Modified

2025-02-05 21:45

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

MobSF Partial Denial of Service (DoS)

Details

Partial Denial of Service (DoS)

Product: MobSF Version: < 4.3.1 CWE-ID: CWE-1287: Improper Validation of Specified Type of Input CVSS vector v.4.0: 7.1 (AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) CVSS vector v.3.1: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) Description: DoS in the Scans Results and iOS Dynamic Analyzer functionality Impact: Leveraging this vulnerability would make Scans Results and iOS Dynamic Analyzer pages unavailable. Vulnerable component: urls.py https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/d1d3b7a9aeb1a8c8c7c229a3455b19ade9fa8fe0/mobsf/MobSF/urls.py#L401 Exploitation conditions: A malicious application was uploaded to the MobSF. Mitigation: Check the uploaded bundle IDs against the regex. Researcher: Oleg Surnin (Positive Technologies)

Research

Researcher discovered zero-day vulnerability Partial Denial of Service (DoS) in MobSF in the Scans Results and iOS Dynamic Analyzer functionality. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). (https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier) However, an attacker can manually modify this value in Info.plist file and add special characters to the <key>CFBundleIdentifier</key> value. In the urls.py file URL rules are defined. https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/d1d3b7a9aeb1a8c8c7c229a3455b19ade9fa8fe0/mobsf/MobSF/urls.py#L401

Listing 3. ``` bundle_id_regex = r'(?P([a-zA-Z0-9]{1}[\w.-]{1,255}))$'

skip code

re_path(fr'^ios/view_report/{bundle_id_regex}', ios_view_report.ç, name='ios_view_report'), ```

When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system.

Vulnerability reproduction

To reproduce the vulnerability, follow the steps described below.

• Unzip the IPA file of any iOS application.

Listing 4. Unzipping the file unzip test.ipa

• Modify the value of <key>CFBundleIdentifier</key> by adding restricted characters in the Info.plist file.

*Figure 7. Example with ' character`

• Zip the modified IPA file.

Listing 5. Zipping the file zip -r dos.ipa Payload/

• Upload the modified IPA file to Static Analysis and wait until it finished • Open the following pages: http://mobsf/recent_scans/ http://mobsf/ios/dynamic_analysis/

Figure 8. DoS Example

Figure 9. DoS Example

Please, assign all credits to Oleg Surnin (Positive Technologies)

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.3.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "mobsf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-24804"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-05T21:09:21Z",
    "nvd_published_at": "2025-02-05T19:15:46Z",
    "severity": "HIGH"
  },
  "details": "# Partial Denial of Service (DoS)\n\n**Product:** MobSF\n**Version:** \u003c 4.3.1\n**CWE-ID:** CWE-1287: Improper Validation of Specified Type of Input\n**CVSS vector v.4.0:** 7.1 (AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)\n**CVSS vector v.3.1:** 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n**Description:**  DoS in the Scans Results and iOS Dynamic Analyzer functionality \n**Impact:** Leveraging this vulnerability would make Scans Results and iOS Dynamic Analyzer pages unavailable.\n**Vulnerable component:** urls.py\nhttps://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/d1d3b7a9aeb1a8c8c7c229a3455b19ade9fa8fe0/mobsf/MobSF/urls.py#L401\n**Exploitation conditions:** A malicious application was uploaded to the MobSF.\n**Mitigation:** Check the uploaded bundle IDs against the regex.\n**Researcher: Oleg Surnin (Positive Technologies)**\n\n## Research\n\nResearcher discovered zero-day vulnerability Partial Denial of Service (DoS) in MobSF in the Scans Results and iOS Dynamic Analyzer functionality.\nAccording to Apple\u0027s documentation for bundle ID\u0027s, it must contain only alphanumeric characters (A\u2013Z, a\u2013z, and 0\u20139), hyphens (-), and periods (.).\n(https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier)\nHowever, an attacker can manually modify this value in `Info.plist` file and add special characters to the `\u003ckey\u003eCFBundleIdentifier\u003c/key\u003e` value.\nIn the `urls.py` file URL rules are defined.\nhttps://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/d1d3b7a9aeb1a8c8c7c229a3455b19ade9fa8fe0/mobsf/MobSF/urls.py#L401\n\n*Listing 3.*\n```\nbundle_id_regex = r\u0027(?P\u003cbundle_id\u003e([a-zA-Z0-9]{1}[\\w.-]{1,255}))$\u0027\n\n# skip code\nre_path(fr\u0027^ios/view_report/{bundle_id_regex}\u0027,\n                ios_view_report.\u00e7,\n                name=\u0027ios_view_report\u0027),\n```\n\nWhen the application parses the wrong characters in the bundle ID, it encounters an error.\nAs a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system.\n\n## Vulnerability reproduction\n\nTo reproduce the vulnerability, follow the steps described below.\n\n\u2022\tUnzip the IPA file of any iOS application.\n\n*Listing 4. Unzipping the file*\n```\nunzip test.ipa\n```\n\n\u2022\tModify the value of `\u003ckey\u003eCFBundleIdentifier\u003c/key\u003e` by adding restricted characters in the `Info.plist` file.\n\n\u003cimg width=\"364\" alt=\"image-6\" src=\"https://github.com/user-attachments/assets/97dce68a-a5e2-4048-b5c8-3090146a9635\" /\u003e\n\n*Figure 7. Example with `\u0027` character`\n\n\n\u2022\tZip the modified IPA file.\n\n*Listing 5. Zipping the file*\n```\nzip -r dos.ipa Payload/\n```\n\n\u2022\tUpload the modified IPA file to Static Analysis and wait until it finished\n\u2022\tOpen the following pages:\n`http://mobsf/recent_scans/`\n`http://mobsf/ios/dynamic_analysis/`\n\n\u003cimg width=\"1119\" alt=\"image-7\" src=\"https://github.com/user-attachments/assets/a7a9ae2e-cd84-4ec8-8132-25140a209ca0\" /\u003e\n\n*Figure 8. DoS Example*\n\n\u003cimg width=\"1141\" alt=\"image-8\" src=\"https://github.com/user-attachments/assets/a76e03ae-b4c6-4003-a145-c1fa4c88a7a5\" /\u003e\n \n*Figure 9. DoS Example*\n\n\n_________________\n\n### Please, assign all credits to Oleg Surnin (Positive Technologies)",
  "id": "GHSA-jrm8-xgf3-fwqr",
  "modified": "2025-02-05T21:45:31Z",
  "published": "2025-02-05T21:09:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24804"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83"
    },
    {
      "type": "WEB",
      "url": "https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/d1d3b7a9aeb1a8c8c7c229a3455b19ade9fa8fe0/mobsf/MobSF/urls.py#L401"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MobSF Partial Denial of Service (DoS)"
}

fkie_cve-2025-24804

Vulnerability from fkie_nvd

Published

2025-02-05 19:15

Modified

2025-02-05 19:15

Severity ?

4.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Summary

References

▼	URL	Tags
	security-advisories@github.com	https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier
	security-advisories@github.com	https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83
	security-advisories@github.com	https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple\u0027s documentation for bundle ID\u0027s, it must contain only alphanumeric characters (A\u2013Z, a\u2013z, and 0\u20139), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `\u003ckey\u003eCFBundleIdentifier\u003c/key\u003e` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "Mobile Security Framework (MobSF) es un framework automatizado y todo en uno para pruebas de penetraci\u00f3n, an\u00e1lisis de malware y evaluaci\u00f3n de seguridad de aplicaciones m\u00f3viles (Android/iOS/Windows). Seg\u00fan la documentaci\u00f3n de Apple para los identificadores de paquete, estos deben contener solo caracteres alfanum\u00e9ricos (A\u2013Z, a\u2013z y 0\u20139), guiones (-) y puntos (.). Sin embargo, un atacante puede modificar manualmente este valor en el archivo `Info.plist` y agregar caracteres especiales al valor `CFBundleIdentifier`. Cuando la aplicaci\u00f3n analiza los caracteres incorrectos en el identificador de paquete, encuentra un error. Como resultado, no mostrar\u00e1 el contenido y arrojar\u00e1 un error 500 en su lugar. La \u00fanica forma de hacer que las p\u00e1ginas vuelvan a funcionar es eliminar manualmente la aplicaci\u00f3n maliciosa del sistema. Este problema se ha solucionado en la versi\u00f3n 4.3.1 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
    }
  ],
  "id": "CVE-2025-24804",
  "lastModified": "2025-02-05T19:15:46.350",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "automatable": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirements": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "subsequentSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "vulnerableSystemAvailability": "LOW",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "NONE"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-05T19:15:46.350",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-jrm8-xgf3-fwqr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1287"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2025-24804

Vulnerability from cvelistv5

ghsa-jrm8-xgf3-fwqr

Vulnerability from github

Partial Denial of Service (DoS)

Research

skip code

Vulnerability reproduction

Please, assign all credits to Oleg Surnin (Positive Technologies)

fkie_cve-2025-24804

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature