CVE-2025-31116

MEDIUM Year: 2025
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.

Related Vulnerabilities

CVE-2017-20106

MEDIUM
CVSS:4.4(Medium)

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the...

CWE-9182017

CVE-2022-44730

MEDIUM
CVSS:4.4(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / da...

CWE-9182022

CVE-2023-20002

MEDIUM
CVSS:4.4(Medium)

A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerab...

CWE-9182023

CVE-2024-30420

MEDIUM
CVSS:4.4(Medium)

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploite...

CWE-9182024

CVE-2024-32454

MEDIUM
CVSS:4.4(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more –...

CWE-9182024

CVE-2024-33627

MEDIUM
CVSS:4.4(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2.

CWE-9182024