CVE-2025-46730
published 2025-05-05CVE-2025-46730: MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other…
PriorityP337medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.41%
32.8th percentile
MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors. MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, in versions up to and including 4.3.2, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the server's disk space, leading to a complete denial of service (DoS) not just for MobSF, but also for any other applications or websites hosted on the same server. This vulnerability can lead to complete server disruption in an organization which can affect other internal portals and tools too (which are hosted on the same server). If some organization has created their customized cloud based mobile security tool using MobSF core then an attacker can exploit this vulnerability to crash their servers. Commit 6987a946485a795f4fd38cebdb4860b368a1995d fixes this issue. As an additional mitigation, it is recommended to implement a safeguard that checks the total uncompressed size of any uploaded ZIP file before extraction. If the estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), MobSF should reject the file and notify the user.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mobsf | mobile-security-framework-mobsf | <= 4.3.2 | — |
| msrc | azl3_kernel_6.6.104.2-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.112.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.117.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.119.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.119.3-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.121.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.126.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.130.1-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| opensecurity | mobile_security_framework | < 4.3.3 | 4.3.3 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
osv·2025-05-05
CVE-2025-46730 [MEDIUM] Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
**Vulnerable MobSF Versions:** <= v4.3.2
**Details:**
MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors.
MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, this functionality lacks a check on the total uncompressed size of the ZIP file, making i
GHSA
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
ghsa·2025-05-05
CVE-2025-46730 [MEDIUM] CWE-409 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
**Vulnerable MobSF Versions:** <= v4.3.2
**Details:**
MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors.
MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, this functionality lacks a check on the total uncompressed size of the ZIP file, making i
Microsoft
drm/amd/display: Ensure array index tg_inst won't be -1
vendor_msrc·2024-09-10·CVSS 5.5
CVE-2024-46730 [MEDIUM] CWE-191 drm/amd/display: Ensure array index tg_inst won't be -1
drm/amd/display: Ensure array index tg_inst won't be -1
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-05-05
Published