A critical security flaw has been discovered in Mobile Security Framework (MobSF), a popular pen-testing and malware analysis tool, potentially exposing users to significant risks.
The vulnerability, identified as CVE-2024-53999, allows attackers to execute malicious scripts through a Stored Cross-Site Scripting (XSS) attack in the application’s “Diff or Compare” functionality.
The issue stems from MobSF’s file upload mechanism, which failed to properly sanitize filenames containing special characters such as <, >, /, and “.
This oversight enabled malicious actors to upload files with script-injected names, which would then be stored on the server and executed when other users accessed the “Diff or Compare” feature.
Security researchers demonstrated the vulnerability by uploading a zip file with the filename “test.zip” using an intercepting proxy tool.
.webp "MobSF Vulnerability Let Attackers Inject Malicious Scripts 2")
When other users attempted to compare this file using the “Diff or Compare” functionality, the embedded JavaScript code was executed in their web browsers.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Flaw Profile
The potential impact of this vulnerability is severe. Attackers could exploit this flaw to:-
- Steal sensitive information, including session tokens and cookies
- Perform unauthorized actions on behalf of victims
- Deface the application interface
- Potentially chain with other vulnerabilities for further exploitation
The vulnerability has been assigned a CVSS base score of 8.1, indicating a high severity level. The vulnerability affects all versions of MobSF up to and including 4.2.8.
Users are strongly advised to update to version 4.2.9, which contains a patch for this security issue.
.webp "MobSF Vulnerability Let Attackers Inject Malicious Scripts 3")
For organizations unable to update immediately, security experts recommend implementing temporary mitigation measures:-
- Restricting access to the “Diff or Compare” functionality
- Implementing strict input validation for file uploads, especially for filename parameters
- Using Content Security Policy (CSP) headers to mitigate the impact of XSS attacks
- Regularly auditing and sanitizing existing file names in the system
- Educating users about the risks of uploading or interacting with untrusted files
Besides this, there is currently no evidence of public proof-of-concept exploits or active exploitation in the wild, the potential for abuse remains significant.
This incident highlights the need for regular security audits and prompt patching of discovered vulnerabilities to maintain a robust security posture.
Analyse Advanced Malware & Phishing Analysis With ANY.RUN Black Friday Deals : Get up to 3 Free Licenses.