CVE-2025-46335

Summary

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Version 4.3.3 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
MobSFMobile-Security-Framework-MobSF< 4.3.3affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References