Moderate severity · NVD Advisory · Published Sep 2, 2025 · Updated Sep 2, 2025
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
CVE-2025-58162
Description
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared .a archive can write arbitrary files to any directory writable by the user running the MobSF process. This issue has been patched in version 4.4.1.
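The check below is an added example, not MobSF's code or its 4.4.1 fix: it lists the member names stored in a GNU-format `.a` (ar) archive and flags any that would resolve outside the extraction directory. It also covers `..` traversal, beyond the absolute-path case named in the title. The function names, the sample archive and the `/tmp/...` paths are constructed for illustration.

```python
from pathlib import Path

def ar_member_names(data: bytes) -> list:
    """List member names in a GNU-format ar archive."""
    if not data.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive")
    names, longnames, off = [], b"", 8
    while off + 60 <= len(data):
        hdr = data[off:off + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header")
        raw = hdr[:16].decode("latin-1").rstrip()
        size = int(hdr[48:58].decode("ascii"))
        body = data[off + 60:off + 60 + size]
        off += 60 + size + (size & 1)  # member data is 2-byte aligned
        if raw == "//":  # GNU long-name table
            longnames = body
        elif raw in ("/", "/SYM64/"):  # symbol tables, not files
            continue
        elif raw.startswith("/") and raw[1:].isdigit():  # long-name reference
            start = int(raw[1:])
            end = longnames.find(b"\n", start)
            name = longnames[start:end if end >= 0 else None].decode("latin-1")
            names.append(name[:-1] if name.endswith("/") else name)
        else:  # short name; GNU form has a trailing "/"
            names.append(raw[:-1] if raw.endswith("/") else raw)
    return names

def safe_target(dest: str, name: str) -> Path:
    """Resolve name under dest; raise if it would land outside dest."""
    base = Path(dest).resolve()
    target = (base / name).resolve()  # an absolute name replaces base entirely
    if base not in target.parents:
        raise ValueError(f"unsafe archive member name: {name!r}")
    return target

def unsafe_members(data: bytes, dest: str) -> list:
    bad = []
    for name in ar_member_names(data):
        try:
            safe_target(dest, name)
        except ValueError:
            bad.append(name)
    return bad

def _member(name: bytes, body: bytes) -> bytes:  # builds constructed sample input
    hdr = b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"644", len(body))
    return hdr + body + (b"\n" if len(body) & 1 else b"")

SAMPLE = b"!<arch>\n" + _member(b"//", b"/tmp/constructed_outside.o/\n") + _member(b"/0", b"x") + _member(b"ok.o/", b"yy")
```

Run `unsafe_members()` before writing anything to disk and reject the whole upload if it returns a non-empty list.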
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mobsf (PyPI) | < 4.4.1 | 4.4.1 |
Affected products
- Range: = 4.4.0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-9gh8-9r95-3fc3 (ghsa, ADVISORY)
- github.com/MobSF/Mobile-Security-Framework-MobSF/commit/7f3bc086c028c1b50889cab8a15f7b59b7abdaf9 (ghsa, x_refsource_MISC, WEB)
- github.com/MobSF/Mobile-Security-Framework-MobSF/releases/tag/v4.4.1 (ghsa, x_refsource_MISC, WEB)
- github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-9gh8-9r95-3fc3 (ghsa, x_refsource_CONFIRM, WEB)