CVE-2025-58162
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-03

Assigner: GitHub, Inc.

Description
MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-03
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58162
EUVD
EUVD-2025-26368
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opensecurity mobile_security_framework 4.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58162 is an Arbitrary File Write vulnerability in MobSF version 4.4.0 that occurs during extraction of specially crafted iOS static library archives (.a files). The extraction function fails to properly handle absolute file paths embedded in these archives, allowing an authenticated user to write files to arbitrary locations on the filesystem with the privileges of the MobSF process. This happens because the path traversal check only detects relative paths and not absolute paths, causing the extraction to overwrite files outside the intended directory. [1]

Impact Analysis

This vulnerability can lead to overwriting critical files such as the MobSF database, temporary files, analysis results, logs, or UI components. This can cause corruption or loss of analysis data, system malfunctions, stored Cross-Site Scripting (XSS) attacks by overwriting UI templates, and potentially escalate risks if MobSF runs with high privileges, possibly affecting system files within containers. [1]

Detection Guidance

This vulnerability can be detected by checking if your MobSF installation is version 4.4.0, which is vulnerable. Additionally, you can monitor for suspicious uploads of .a archive files containing absolute paths. Since the vulnerability involves extraction of .a files with absolute paths, you can inspect uploaded .a files for absolute path entries using commands like 'ar -t <archive.a>' to list archive contents and check for entries starting with '/'. Also, monitoring MobSF logs for errors related to file extraction or unexpected file overwrites may help detect exploitation attempts. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade MobSF to version 4.4.1 or later, where the vulnerability has been patched by rejecting absolute paths during extraction and normalizing all paths. Until the upgrade, restrict authenticated user uploads of .a files or disable the static analysis module for iOS if possible. Additionally, review and limit the permissions of the MobSF process user to minimize potential damage from arbitrary file writes. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58162. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart