Home > Vulnerability Database > CVE-2025-24805

Mend.io Vulnerability Database

CVE-2025-24805

Date: February 5, 2025

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

5.5

Related Resources (5)

Url: https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83

Url: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-79f6-p65j-3m2m

Url: https://github.com/MobSF/Mobile-Security-Framework-MobSF

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24805

Url: https://www.mend.io/vulnerability-database/CVE-2025-24805

Severity Score

5.5

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24805

Date: February 5, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?