CVE-2025-31116
Published: 31 March 2025
Description
Mapped ATT&CK technique (Exploit Public-Facing Application, T1190): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. In this case the public-facing application is the MobSF web interface.
Security Summary
CVE-2025-31116 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the Mobile Security Framework (MobSF), an open-source tool for penetration testing, malware analysis, and security assessment of mobile applications via static and dynamic analysis. The flaw is in the mitigation that was added for the earlier SSRF CVE-2024-29190: the valid_host() function resolves the supplied hostname with socket.gethostbyname() and rejects it if the answer is a private or loopback address, but the check and the later request are separate lookups. An attacker who controls the DNS zone for the hostname can answer the first lookup with a public address and a subsequent lookup with an internal one (DNS rebinding), so the request that actually goes out targets an internal host the check was meant to block. The vulnerability carries a CVSS v3.1 base score of 4.4 (AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L), was published on 2025-03-31, and is fixed in MobSF version 4.3.2.
Exploitation is feasible over the network by attackers with high privileges, such as authenticated MobSF administrators, involves no user interaction, and is rated high attack complexity because the attacker must run a DNS zone that changes its answers between the validation lookup and the request. A successful attack changes scope (the impacted component is the internal network reachable from the MobSF host rather than MobSF itself) and yields limited confidentiality impact, such as unauthorized reads of internal network resources, and limited availability impact, with no integrity impact.
The GitHub security advisory (GHSA-fcfq-m8p6-gw56) and the fixing commit (4b8bab5a9858c69fe13be4631b82d82186e0d3bd) confirm the fix in MobSF 4.3.2. Deployed instances should be upgraded promptly; until then, restricting outbound egress from the MobSF host to internal address ranges limits what an SSRF can reach.
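The check-then-request gap described above, as an added example that is not MobSF's code or the project's fix. It uses a constructed resolver that imitates an attacker's rebinding DNS zone (first answer public, later answers loopback) so it runs offline; `fetch_vulnerable` mirrors the weak pattern of validating the hostname and then letting the HTTP client resolve it again, and `fetch_pinned` shows the standard hardening of resolving once, checking that address, and connecting to it with the original Host header preserved. All function and class names are illustrative.

```python
import ipaddress
from urllib.parse import urlparse, urlunparse


class RebindingResolver:
    """Constructed stand-in for an attacker-controlled DNS zone.

    Returns the answers in order and repeats the last one, so a zone
    configured as ["8.8.8.8", "127.0.0.1"] passes a one-time check and
    then points every later lookup at loopback.
    """

    def __init__(self, answers):
        self.answers = list(answers)
        self.calls = 0

    def gethostbyname(self, host):
        idx = min(self.calls, len(self.answers) - 1)
        self.calls += 1
        return self.answers[idx]


def is_public(ip):
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def fetch_vulnerable(url, resolver):
    """Weak pattern: resolve for the check, then resolve again to connect.

    Returns the address the request would actually be sent to.
    """
    host = urlparse(url).hostname
    if not is_public(resolver.gethostbyname(host)):   # lookup 1: validation
        raise ValueError("blocked: resolves to a non-public address")
    # The HTTP client performs its own lookup; a rebinding zone now
    # answers with an internal address and the request goes there.
    return resolver.gethostbyname(host)               # lookup 2: connection


def fetch_pinned(url, resolver):
    """Hardened pattern: resolve once, check that address, connect to it.

    Returns (checked_ip, url_rewritten_to_ip, headers). The original
    hostname is kept in the Host header so virtual hosting still works.
    """
    parsed = urlparse(url)
    ip = resolver.gethostbyname(parsed.hostname)      # the only lookup
    if not is_public(ip):
        raise ValueError("blocked: resolves to a non-public address")
    netloc = ip if parsed.port is None else f"{ip}:{parsed.port}"
    pinned_url = urlunparse(parsed._replace(netloc=netloc))
    return ip, pinned_url, {"Host": parsed.netloc}


if __name__ == "__main__":
    target = "http://attacker.example/"
    print("vulnerable ->", fetch_vulnerable(target, RebindingResolver(["8.8.8.8", "127.0.0.1"])))
    print("pinned     ->", fetch_pinned(target, RebindingResolver(["8.8.8.8", "127.0.0.1"])))
```

Two caveats a practitioner should keep in mind: for HTTPS the pinned form must also set SNI and certificate hostname checks to the original hostname (plain `requests` does not do this without a custom adapter), and the address check should be applied to every hop of a redirect chain, since a public host can 302 to an internal one.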
Details
- CWE(s): CWE-918 (Server-Side Request Forgery)
- Affected Products: Mobile Security Framework (MobSF) versions before 4.3.2
- MITRE ATT&CK Enterprise Techniques: Exploit Public-Facing Application (T1190)
Why these techniques?
The SSRF sits in the MobSF web application, which is reachable over the network (attack vector: network). Abusing it via DNS rebinding lets an attacker use the public-facing application as a pivot to reach internal resources, which is exactly the behaviour Exploit Public-Facing Application describes.