{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-31116","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-03-26T15:04:52.624Z","datePublished":"2025-03-31T16:42:42.618Z","dateUpdated":"2025-03-31T18:16:45.085Z"},"containers":{"cna":{"title":"Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding","problemTypes":[{"descriptions":[{"cweId":"CWE-918","lang":"en","description":"CWE-918: Server-Side Request Forgery (SSRF)","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L","version":"3.1"}}],"references":[{"name":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56","tags":["x_refsource_CONFIRM"],"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56"},{"name":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fe13be4631b82d82186e0d3bd","tags":["x_refsource_MISC"],"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fe13be4631b82d82186e0d3bd"}],"affected":[{"vendor":"MobSF","product":"Mobile-Security-Framework-MobSF","versions":[{"version":"< 4.3.2","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-03-31T16:43:13.602Z"},"descriptions":[{"lang":"en","value":"Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2."}],"source":{"advisory":"GHSA-fcfq-m8p6-gw56","discovery":"UNKNOWN"}},"adp":[{"references":[{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-31T18:16:31.049196Z","id":"CVE-2025-31116","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-31T18:16:45.085Z"}}]}}