CVE-2025-46730

{"id": "CVE-2025-46730", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-05-05T20:15:21.313", "references": [{"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/6987a946485a795f4fd38cebdb4860b368a1995d", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-c5vg-26p8-q8cr", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-409"}]}], "descriptions": [{"lang": "en", "value": "MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors. MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, in versions up to and including 4.3.2, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the server's disk space, leading to a complete denial of service (DoS) not just for MobSF, but also for any other applications or websites hosted on the same server. This vulnerability can lead to complete server disruption in an organization which can affect other internal portals and tools too (which are hosted on the same server). If some organization has created their customized cloud based mobile security tool using MobSF core then an attacker can exploit this vulnerability to crash their servers. Commit 6987a946485a795f4fd38cebdb4860b368a1995d fixes this issue. As an additional mitigation, it is recommended to implement a safeguard that checks the total uncompressed size of any uploaded ZIP file before extraction. If the estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), MobSF should reject the file and notify the user."}, {"lang": "es", "value": "MobSF es una herramienta de pruebas de seguridad para aplicaciones m\u00f3viles. Normalmente, MobSF se implementa en servidores centralizados internos o en la nube que tambi\u00e9n alojan otras herramientas de seguridad y aplicaciones web. El acceso a la interfaz web de MobSF suele concederse a equipos de seguridad internos, equipos de auditor\u00eda y proveedores externos. MobSF ofrece una funci\u00f3n que permite a los usuarios cargar archivos ZIP para an\u00e1lisis est\u00e1tico. Tras la carga, estos archivos ZIP se extraen y almacenan autom\u00e1ticamente en el directorio de MobSF. Sin embargo, en versiones hasta la 4.3.2 incluida, esta funci\u00f3n carece de una comprobaci\u00f3n del tama\u00f1o total sin comprimir del archivo ZIP, lo que lo hace vulnerable a un ataque ZIP de la Muerte (bomba zip). Debido a la ausencia de protecciones contra extracciones de gran tama\u00f1o, un atacante puede crear un archivo ZIP especialmente preparado que, aunque peque\u00f1o en su forma comprimida, se expande enormemente al extraerlo. Aprovechando esto, un atacante puede agotar el espacio de disco del servidor, lo que provoca una denegaci\u00f3n de servicio (DoS) completa no solo para MobSF, sino tambi\u00e9n para cualquier otra aplicaci\u00f3n o sitio web alojado en el mismo servidor. Esta vulnerabilidad puede provocar la interrupci\u00f3n total del servidor de una organizaci\u00f3n, lo que puede afectar tambi\u00e9n a otros portales y herramientas internos (alojados en el mismo servidor). Si una organizaci\u00f3n ha creado su herramienta de seguridad m\u00f3vil personalizada en la nube utilizando el n\u00facleo de MobSF, un atacante puede explotar esta vulnerabilidad para bloquear sus servidores. El commit 6987a946485a795f4fd38cebdb4860b368a1995d corrige este problema. Como mitigaci\u00f3n adicional, se recomienda implementar una protecci\u00f3n que verifique el tama\u00f1o total sin comprimir de cualquier archivo ZIP subido antes de la extracci\u00f3n. Si el tama\u00f1o estimado sin comprimir supera un umbral seguro (p. ej., 100 MB), MobSF deber\u00eda rechazar el archivo y notificar al usuario."}], "lastModified": "2025-09-03T18:18:17.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D10464-EEDC-45DA-B430-C8E478DE3FB7", "versionEndExcluding": "4.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}