XSS in Mobsf Mobile-security-framework-mobsf

CVE-2025-24803

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain onl…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (66.9th percentile) — read the EPSS interpretation.

Affected products

Mobsf Mobile-security-framework-mobsf — versions = 4.3.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-cxqq-w3x5-7ph3 (x_refsource_CONFIRM)
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83 (x_refsource_MISC)
https://developer.apple.com/documentation/bundleresources/information-property-list/cfbundleidentifier (x_refsource_MISC)