CVE-2025-58161 | MobSF Mobile-Security-Framework-MobSF 4.4.0 Download File /download/ os.path.commonprefix path traversal (GHSA-ccc3-fvfx-mw3v)

Inserito da Angelo Barbosa | Set 2, 2025 | CVE

A vulnerability was found in MobSF Mobile-Security-Framework-MobSF 4.4.0 and classified as critical. This impacts the function os.path.commonprefix of the file /download/ of the component Download File Handler. Executing manipulation can lead to path traversal.

The identification of this vulnerability is CVE-2025-58161. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2025-58161 | MobSF Mobile-Security-Framework-MobSF 4.4.0 Download File /download/ os.path.commonprefix path traversal (GHSA-ccc3-fvfx-mw3v)

Post correlati

CVE-2024-42608 | Pligg CMS 2.0.2 /admin/submit_page.php cross-site request forgery

CVE-2024-11100 | 1000 Projects Beauty Parlour Management System 1.0 /index.php name sql injection

CVE-2025-49039 | Link View Plugin up to 0.8.0 on WordPress cross site scripting

CVE-2025-9691 | Campcodes Online Shopping System 1.0 /login.php Password sql injection