CVE-2025-58162
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-03
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opensecurity | mobile_security_framework | 4.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58162 is an Arbitrary File Write vulnerability in MobSF version 4.4.0 that occurs during extraction of specially crafted iOS static library archives (.a files). The extraction function fails to properly handle absolute file paths embedded in these archives, allowing an authenticated user to write files to arbitrary locations on the filesystem with the privileges of the MobSF process. This happens because the path traversal check only detects relative paths and not absolute paths, causing the extraction to overwrite files outside the intended directory. [1]
How can this vulnerability impact me?
This vulnerability can lead to overwriting critical files such as the MobSF database, temporary files, analysis results, logs, or UI components. This can cause corruption or loss of analysis data, system malfunctions, stored Cross-Site Scripting (XSS) attacks by overwriting UI templates, and potentially escalate risks if MobSF runs with high privileges, possibly affecting system files within containers. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your MobSF installation is version 4.4.0, which is vulnerable. Additionally, you can monitor for suspicious uploads of .a archive files containing absolute paths. Since the vulnerability involves extraction of .a files with absolute paths, you can inspect uploaded .a files for absolute path entries using commands like 'ar -t <archive.a>' to list archive contents and check for entries starting with '/'. Also, monitoring MobSF logs for errors related to file extraction or unexpected file overwrites may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade MobSF to version 4.4.1 or later, where the vulnerability has been patched by rejecting absolute paths during extraction and normalizing all paths. Until the upgrade, restrict authenticated user uploads of .a files or disable the static analysis module for iOS if possible. Additionally, review and limit the permissions of the MobSF process user to minimize potential damage from arbitrary file writes. [1]
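To make the difference between the two checks concrete, here is an added example (not MobSF's own code) that contrasts a check looking only for parent-directory components, the class of check the advisory describes as insufficient, with the hardened form the fix describes: reject absolute member names, normalize the joined path, and confirm it stays under the extraction directory. The archive member names and the extraction directory are constructed for illustration.

```python
import os
import tempfile
from pathlib import PurePosixPath

# Constructed sample member names (not from any real archive or MobSF test).
SAMPLE_MEMBERS = [
    "objects/foo.o",        # ordinary relative member
    "ok/../still_ok.o",     # contains '..' but normalizes to a safe location
    "../../escape.txt",     # relative traversal out of the extraction dir
    "/etc/overwrite",       # absolute member name
]

# Hypothetical extraction directory used only for this demonstration.
EXAMPLE_BASE = os.path.join(tempfile.gettempdir(), "mobsf_extract_example")


def relative_only_check(member: str) -> bool:
    """Illustrates the class of check the advisory describes as insufficient:
    it looks only for '..' components, so an absolute member name passes."""
    return ".." not in PurePosixPath(member).parts


def safe_member_check(base_dir: str, member: str) -> bool:
    """Hardened check: reject absolute names, normalize the joined path, and
    require the result to remain inside base_dir."""
    # os.path.join() silently discards base_dir when member is absolute,
    # which is how an absolute entry lands outside the directory; test it first.
    if os.path.isabs(member) or PurePosixPath(member).is_absolute():
        return False
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, member))
    # realpath() collapses '..' segments; commonpath() then confirms
    # containment component-wise rather than by string prefix.
    return os.path.commonpath([base, target]) == base


def classify(base_dir: str, members) -> dict:
    """Report, per member name, which of the two checks would accept it."""
    return {
        m: {
            "relative_only": relative_only_check(m),
            "hardened": safe_member_check(base_dir, m),
        }
        for m in members
    }


if __name__ == "__main__":
    for name, verdict in classify(EXAMPLE_BASE, SAMPLE_MEMBERS).items():
        print(f"{name!r}: {verdict}")
```

The same containment check applies to any archive format whose member names are attacker-controlled, not only to `.a` files.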