Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
- Severity (CVSSv4.0): 8.5 (high)
Description:
The vulnerability was identified in Mobile Security Framework (MobSF), version 4.3.0.
The discovered vulnerability allows an attacker with minimal privileges to obtain an API token, potentially resulting in privilege elevation within the system.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 29.03.2025
Recommendations:
- Update to version 4.3.2 or higher.
Additional information: Security advisory
Researcher: Egor Filatov (Positive Technologies)