216.73.217.24

CVE-2025-46335

· Published 05/05/2025 19:15 · Modified 05/05/2025 20:54

Labels: CVE-2025-46335 2025-05-05CVE-2025-46335CWE-79[email protected]

Essential information

Published
05/05/2025 19:15
Modified
05/05/2025 20:54
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Version 4.3.3 fixes the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mobsf / mobsf cpe:2.3:a:mobsf:mobsf:<4.3.3:*:*:*:*:*:*:*
mobsf / mobsf cpe:2.3:a:mobsf:mobsf:4.3.2:*:*:*:*:*:*:*

References