admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-248xx/CVE-2025-24805.json
cad-safe-bot 03e4a37847 Auto-Update: 2025-02-16T03:00:21.640882+00:00
2025-02-16 03:03:51 +00:00

86 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-24805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-05T19:15:46.487",
"lastModified": "2025-02-05T19:15:46.487",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Mobile Security Framework (MobSF) es un framework automatizado y todo en uno para pruebas de penetraci\u00f3n, an\u00e1lisis de malware y evaluaci\u00f3n de seguridad de aplicaciones m\u00f3viles (Android/iOS/Windows). Un usuario local con privilegios m\u00ednimos puede utilizar un token de acceso para acceder a materiales de \u00e1mbitos que no deber\u00edan aceptarse. Este problema se ha solucionado en la versi\u00f3n 4.3.1 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-79f6-p65j-3m2m",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink