What is CVE-2025-24804?

A medium-severity vulnerability has been identified in the OpenSecurity Mobile Security Framework (MobSF). Attackers can exploit this flaw by modifying the bundle ID, leading to application errors. Organizations are urged to upgrade to version 4.3.1 immediately.

What is the severity of CVE-2025-24804?

CVE-2025-24804 has a severity rating of MEDIUM with a CVSS base score of 4.8.

CVE-2025-24804 | Medium Vulnerability in OpenSecurity Mobile Security Framework

A medium-severity vulnerability has been identified in the OpenSecurity Mobile Security Framework (MobSF), an automated, all-in-one mobile application pen-testing, malware analysis, and security assessment framework. This vulnerability allows an attacker to exploit the application by modifying the bundle ID in the `Info.plist` file, which can lead to application errors and a denial of service.

The vulnerability has been assigned a CVSS score of 4.8, indicating medium severity. The risk to organizations includes potential application downtime due to a 500 error being thrown when incorrect characters are parsed in the bundle ID. Users must remove the malicious application manually to restore functionality.

This vulnerability has been addressed in version 4.3.1 of the framework, and all users are advised to upgrade immediately. Failure to do so may leave systems vulnerable to exploitation.

Organizations should prioritize patching immediately to mitigate risks associated with this vulnerability.

No known workarounds exist for this vulnerability, underscoring the importance of timely updates.

As mobile application security continues to be a critical concern, organizations utilizing MobSF must remain vigilant in monitoring and addressing vulnerabilities.

Vulnerability Details

The official description of this vulnerability states: 'Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.'

The vulnerability is classified as a potential denial of service due to improper handling of special characters in the bundle ID, leading to application errors and downtime.

Technical Analysis

The root cause of this vulnerability lies in the failure of the application to validate the contents of the `CFBundleIdentifier` field in the `Info.plist` file properly. This oversight allows attackers to introduce incorrect characters into the bundle ID, which leads to parsing errors during the application execution.

The attack vector is classified as network-based, as the attacker can exploit this vulnerability remotely without physical access to the device. The attack complexity is low, as no specialized skills are required to exploit this flaw. However, the attacker must possess high privileges on the system to execute the attack successfully.

User interaction is passive, as the victim does not need to take any action for the attack to succeed. The vulnerability has a low impact on availability, as it results in application downtime due to a 500 error when the incorrect bundle ID is processed.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is significant, particularly for organizations relying on the Mobile Security Framework for application security assessments. The potential for application downtime due to incorrect bundle ID handling poses a serious risk to business operations.

Organizations must understand that failure to address this vulnerability could lead to extended periods of service disruption, impacting user experience and potentially causing financial losses.

The urgency assessment based on the CVSS score of 4.8 indicates that organizations should address this vulnerability in their priority patch cycle to mitigate the associated risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is the Mobile Security Framework (MobSF) with all versions prior to vendor patch 4.3.1 being vulnerable. Users are strongly encouraged to update their installations to this version to mitigate the risk.

Mitigation & Remediation

To remediate this vulnerability, organizations should upgrade to version 4.3.1 of the Mobile Security Framework. This update addresses the parsing issue related to the bundle ID.

If the patch cannot be applied immediately, organizations should consider implementing configuration hardening practices to limit application access and monitor for any abnormal behaviors that may indicate exploitation attempts.

For further assistance with application security, organizations can engage in professional penetration testing services to identify and address vulnerabilities in their systems.

Detection Guidance

Organizations should monitor logs for any unusual patterns that may indicate attempts to exploit this vulnerability. Key indicators may include application errors related to the bundle ID parsing.

Behavioral anomalies, such as unexpected application crashes or 500 errors, should also be closely monitored. Network signatures associated with known exploitation attempts can further aid detection efforts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability highlights the necessity for robust input validation mechanisms in software design, especially for applications handling critical identifiers.

This incident underscores a broader trend in application security where vulnerabilities can arise from seemingly benign configurations. Security teams are reminded to continuously assess their applications for similar weaknesses.

For a comprehensive approach to application security, organizations may refer to our vulnerability management program and best practices for ongoing security assessments.

Additionally, organizations can enhance their security posture by adopting measures outlined in our penetration testing methodology resources to stay ahead of emerging threats.

In conclusion, the vulnerability within the Mobile Security Framework serves as a reminder of the critical need for vigilant security practices in application development and maintenance.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-24804: Medium Vulnerability in OpenSecurity Mobile Security Framework