CVE-2025-31116 MEDIUM

CVE-2025-31116: Mobile Security Framework (MobSF) has an SSRF vulnerability fix bypass on assetlinks_check with DNS rebinding

Vendor Mobsf
Product Mobile-Security-Framework-MobSF
Weakness CWE-918 · SSRF
Published March 31, 2025
Last update March 31, 2025

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

What the vulnerability does

01 Description

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse through the DNS rebinding technique. This vulnerability is fixed in 4.3.2.

Key dates

02 Disclosure timeline

March 31, 2025 CVE published
March 31, 2025 Record updated