Moderate severityNVD Advisory· Published May 5, 2025· Updated May 5, 2025
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
CVE-2025-46335
Description
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Version 4.3.3 fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mobsfPyPI | < 4.3.3 | 4.3.3 |
Affected products
1- Range: < 4.3.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-mwfg-948f-2cc5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-46335ghsaADVISORY
- github.com/MobSF/Mobile-Security-Framework-MobSF/commit/6987a946485a795f4fd38cebdb4860b368a1995dghsax_refsource_MISCWEB
- github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-mwfg-948f-2cc5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.