Description
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared .a file can write arbitrary files to any directory writable by the user running the MobSF process. This issue has been patched in version 4.4.1.
References
- Patch
- Release Notes
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:opensecurity:mobile_security_framework:4.4.0:*:*:*:*:*:*:*
EPSS
Percentile: 34%
0.00139
Low
6.5 Medium
CVSS3
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 6.5
github
5 months ago
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction