CVE-2025-46335 in Mobile-Security-Framework-MobSF

Summary

by MITRE • 05/05/2025

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Version 4.3.3 fixes the issue.


Analysis

by VulDB Data Team • 05/29/2025

Mobile Security Framework (MobSF) is a security research platform for the automated analysis of mobile applications on Android, iOS and Windows Mobile, and is widely used by security professionals and researchers to identify vulnerabilities in those applications. The weakness present in version 4.3.2 and earlier can compromise the integrity of the analysis environment and the confidentiality of user data: the Android APK analysis workflow includes SVG file handling, which creates an attack surface where malicious input can execute in the context of the application's user interface.

The flaw is a stored cross-site scripting vulnerability in the SVG file processing component of the Android APK analysis workflow. SVG files supplied for analysis are not properly sanitized before they are stored and rendered in the web interface, so malicious SVG content is written to the system's database and executes when other users view the analysis results. The weakness is classified as CWE-79, the failure to properly encode or validate user-supplied data before including it in web pages. Because the vulnerability is stored rather than reflected, the payload persists in the system and affects every user who accesses the affected functionality, not just a single session or request.

The impact goes beyond data corruption or user-interface manipulation. An attacker who exploits the flaw can execute arbitrary script in the context of other users' browser sessions, enabling session hijacking, data exfiltration or redirection to malicious websites. Because the attack vector is the workflow in which users upload APK files for examination, the flaw is especially dangerous where several security researchers share one MobSF instance: it affects not only the user who uploads the malicious SVG file but every subsequent user who views the analysis results, so a single upload can compromise many accounts. It could be used to gain unauthorized access to sensitive security research data or to establish persistent access within the analysis environment.

The fix shipped in MobSF version 4.3.3, which introduced proper input sanitization for SVG file processing: SVG content is validated and sanitized before it is stored and rendered in the web interface. This follows the guidance of the OWASP Top Ten and the principle of defense in depth. Organizations running MobSF should deploy version 4.3.3 or later without delay. The case illustrates the importance of input validation throughout the application lifecycle, particularly in security tools that by design ingest potentially malicious input, and of secure coding in those tools themselves, since they handle sensitive data and require a high level of assurance. In ATT&CK terms this analysis maps the vulnerability to T1584 for phishing and T1059 for command and scripting interpreter, since an attacker could use the XSS to build further attack vectors through user interaction with compromised analysis results.
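The following is an added example, written for this page and not MobSF's own code or its 4.3.3 fix, of the kind of check the two preceding paragraphs call for: an allowlist-based SVG sanitizer that a web application can run before an SVG taken from an untrusted source (here, an APK's resources) is stored and rendered inline. It uses only the Python standard library; the element and attribute allowlists, the `sanitize_svg` function name and the sample SVG are assumptions made for the example.

```python
"""
Allowlist-based SVG sanitizer (added example; not MobSF's implementation).

Rather than trying to enumerate every dangerous construct, it keeps only a
known set of drawing elements and presentational attributes, drops every
event-handler attribute (on*), <script>, <style>, <a> and <foreignObject>
by omission, and restricts href/xlink:href and url() references to
same-document fragments.  The report it returns is useful for logging:
a non-empty report means the input carried content that could not be trusted.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # serialize <svg> without an ns0: prefix
ET.register_namespace("xlink", XLINK_NS)

# Assumed allowlists: structural and drawing primitives only.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "tspan", "use", "linearGradient",
    "radialGradient", "stop", "clipPath", "mask", "symbol",
}
# No "on*" handlers and no "style" attribute are ever allowed.
ALLOWED_ATTRS = {
    "id", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r", "rx", "ry",
    "width", "height", "viewBox", "d", "points", "fill", "stroke",
    "stroke-width", "stroke-linecap", "stroke-linejoin", "opacity",
    "fill-opacity", "stroke-opacity", "transform", "offset", "stop-color",
    "font-size", "font-family", "text-anchor", "href", "version",
    "clip-path", "mask", "gradientUnits",
}
# Only same-document fragment references survive in href and in url() paint values.
SAFE_HREF = re.compile(r"^#[A-Za-z_][\w.-]*$")
SAFE_URL_PAINT = re.compile(r"^url\(#[A-Za-z_][\w.-]*\)$")
PAINT_ATTRS = {"fill", "stroke", "clip-path", "mask"}


def _local(name: str) -> str:
    """Strip Clark notation: '{uri}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1]


def _clean_attrs(elem: ET.Element, report: list) -> None:
    """Remove attributes that are not allowlisted or carry non-local references."""
    tag = _local(elem.tag)
    for raw_name in list(elem.attrib):
        name = _local(raw_name)
        value = elem.attrib[raw_name].strip()
        if name not in ALLOWED_ATTRS:
            report.append(f"dropped attribute {name!r} on <{tag}>")
            del elem.attrib[raw_name]
        elif name == "href" and not SAFE_HREF.match(value):
            report.append(f"dropped href {value!r} on <{tag}>")
            del elem.attrib[raw_name]
        elif name in PAINT_ATTRS and "url(" in value and not SAFE_URL_PAINT.match(value):
            report.append(f"dropped external reference in {name!r} on <{tag}>")
            del elem.attrib[raw_name]


def _clean_tree(elem: ET.Element, report: list) -> None:
    """Drop non-allowlisted elements (with their whole subtree), recurse into the rest."""
    for child in list(elem):
        name = _local(child.tag)
        if name not in ALLOWED_ELEMENTS:
            report.append(f"dropped element <{name}>")
            elem.remove(child)
        else:
            _clean_attrs(child, report)
            _clean_tree(child, report)


def sanitize_svg(svg_text: str) -> tuple[str, list]:
    """Return (sanitized SVG document, list of removals). Raises ValueError on non-SVG input."""
    # Note: for untrusted XML in production, parse with defusedxml instead of the
    # stdlib parser to also block entity-expansion attacks (not shown here).
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("document root is not <svg>")
    report: list = []
    _clean_attrs(root, report)
    _clean_tree(root, report)
    return ET.tostring(root, encoding="unicode"), report


# Constructed sample: an ordinary app icon with three injected active constructs.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="48" height="48" viewBox="0 0 48 48" onload="alert(1)">
  <defs><linearGradient id="g"><stop offset="0" stop-color="#09f"/></linearGradient></defs>
  <rect x="4" y="4" width="40" height="40" fill="url(#g)"/>
  <script>alert(1)</script>
  <a xlink:href="javascript:alert(1)"><circle cx="24" cy="24" r="8" fill="#fff"/></a>
  <use xlink:href="#g"/>
</svg>"""

if __name__ == "__main__":
    cleaned, removals = sanitize_svg(SAMPLE_SVG)
    print("\n".join(removals))
    print(cleaned)
```

Run against the sample, the sanitizer drops the `onload` handler, the `<script>` element and the `<a>` subtree with its `javascript:` target, keeps the gradient reference `url(#g)` and the `<use href="#g">`, and returns three report entries. Storing the cleaned document rather than the original, and logging a non-empty report, gives both the mitigation and a detection signal for the class of issue described above; serving user-supplied SVGs with a restrictive Content-Security-Policy or as `<img>` rather than inline markup is a complementary defense in depth.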

Responsible: GitHub M
Reservation: 04/23/2025
Disclosure: 05/05/2025
Moderation: accepted
CPE: ready
EPSS: 0.00251
KEV: no
Activities: very low
