PT-2025-13807 · Unknown · Mobile Security Framework

Sim4N6 · Published 2025-03-31 · Updated 2025-06-12 · CVE-2025-31116

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.3.2

Description: The vulnerability is in the valid_host() function, which uses socket.gethostbyname() and is therefore susceptible to SSRF abuse via the DNS rebinding technique. It affects the Mobile Security Framework (MobSF), a tool for pen-testing, malware analysis, and security assessment that performs static and dynamic analysis.

Recommendations: For versions prior to 4.3.2, update to version 4.3.2 to resolve the issue. As a temporary workaround, consider restricting the use of the valid_host() function until the update is applied.
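
The description above comes down to a gap between the lookup that validates a hostname and the lookup the HTTP client performs afterwards. The following is an added example, not MobSF's code or its fix: it contrasts that check-then-connect pattern with resolving once and pinning the vetted address. The resolver class, function names, hostname and addresses are all hypothetical or constructed.

```python
import ipaddress
from itertools import cycle


class RebindingResolver:
    """Constructed stand-in for a low-TTL DNS name: each lookup returns the next answer."""

    def __init__(self, answers):
        self._answers = cycle(answers)
        self.lookups = 0

    def __call__(self, host):
        self.lookups += 1
        return next(self._answers)


def is_allowed(ip):
    """Accept only globally routable addresses (rejects loopback, RFC 1918, link-local)."""
    return ipaddress.ip_address(ip).is_global


def check_then_connect(host, resolve):
    """Weak pattern: validate one resolution, then let the client resolve the name again."""
    if not is_allowed(resolve(host)):      # lookup 1: the validator's view
        return None
    return resolve(host)                   # lookup 2: where the connection really goes


def resolve_once_and_pin(host, resolve):
    """Hardened pattern: resolve once, vet that address, and connect to that same address."""
    ip = resolve(host)
    if not is_allowed(ip):
        return None
    return ip                              # caller connects to this literal IP


if __name__ == "__main__":
    name = "rebind.example"                # hypothetical hostname
    answers = ["8.8.8.8", "127.0.0.1"]     # constructed: public first, loopback second
    print("check-then-connect reaches:", check_then_connect(name, RebindingResolver(answers)))
    print("resolve-once-and-pin reaches:", resolve_once_and_pin(name, RebindingResolver(answers)))
```

When pinning in a real client, connect to the vetted IP while still sending the original hostname for the Host header and TLS verification, and run the same check on every redirect target.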

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-31116
GHSA-FCFQ-M8P6-GW56
PYSEC-2025-48

Affected Products

Mobile Security Framework