Vulnerability Description
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensecurity | Mobile Security Framework | < 4.3.2 |
Related Weaknesses (CWE)
References
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fPatch
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSExploitVendor Advisory
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSExploitVendor Advisory
FAQ
What is CVE-2025-31116?
CVE-2025-31116 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_hos...
How severe is CVE-2025-31116?
CVE-2025-31116 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-31116?
Check the references section above for vendor advisories and patch information. Affected products include: Opensecurity Mobile Security Framework.