MobSF — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting MobSF. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MobSF is an automated mobile application security testing framework that analyzes Android, iOS, and Windows apps for vulnerabilities. The tool commonly identifies remote code execution, cross-site scripting, privilege escalation, and insecure data storage issues. With 16 CVEs recorded, MobSF has had security flaws in its own implementation, including path traversal and command injection vulnerabilities in its API endpoints. These incidents highlight the importance of securing security tools themselves. The platform provides static and dynamic analysis capabilities, making it widely used for mobile app penetration testing and security assessments, though its own vulnerabilities have demonstrated that security tools require rigorous scrutiny.

Top products by MobSF: Mobile-Security-Framework-MobSF
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33545 | MobSF has SQL Injection in its SQLite Database Viewer Utils | Mobile-Security-Framework-MobSF | CWE-89 | 5.3 | Medium | 2026-03-26 |
| CVE-2026-24490 | MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field | Mobile-Security-Framework-MobSF | CWE-79 | 8.1 | High | 2026-01-27 |
| CVE-2025-58162 | MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction | Mobile-Security-Framework-MobSF | CWE-22 | 6.5 | Medium | 2025-09-02 |
| CVE-2025-58161 | MobSF Path Traversal in GET /download/<filename> using absolute filenames | Mobile-Security-Framework-MobSF | CWE-22 | 6.5 (AI) | Medium (AI) | 2025-09-02 |
| CVE-2025-46730 | Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack | Mobile-Security-Framework-MobSF | CWE-409 | 6.8 | Medium | 2025-05-05 |
| CVE-2025-46335 | Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload | Mobile-Security-Framework-MobSF | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2025-31116 | Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding | Mobile-Security-Framework-MobSF | CWE-918 | 4.4 | Medium | 2025-03-31 |
| CVE-2025-24803 | Stored Cross-Site Scripting (XSS) in MobSF | Mobile-Security-Framework-MobSF | CWE-79 | 6.5 | - | 2025-02-05 |
| CVE-2025-24804 | Partial Denial of Service (DoS) in MobSF | Mobile-Security-Framework-MobSF | CWE-1287 | 6.5 | - | 2025-02-05 |
| CVE-2025-24805 | Local Privilege Escalation in MobSF | Mobile-Security-Framework-MobSF | CWE-269 | 6.1 | - | 2025-02-05 |
| CVE-2024-53999 | Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality | Mobile-Security-Framework-MobSF | CWE-79 | 8.1 | High | 2024-12-03 |
| CVE-2024-54000 | Mobile Security Framework (MobSF) bypass of SSRF fix | Mobile-Security-Framework-MobSF | CWE-918 | 7.5 | High | 2024-12-03 |
| CVE-2024-43399 | Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files | Mobile-Security-Framework-MobSF | CWE-23 | 8.0 | High | 2024-08-19 |
| CVE-2024-41955 | Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect | Mobile-Security-Framework-MobSF | CWE-601 | 5.2 | Medium | 2024-07-31 |
| CVE-2024-31215 | Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check | Mobile-Security-Framework-MobSF | CWE-918 | 6.3 | Medium | 2024-04-04 |
| CVE-2024-29190 | MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns) | Mobile-Security-Framework-MobSF | CWE-918 | 7.5 | High | 2024-03-22 |

This page lists every published CVE security advisory associated with MobSF. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.