CVE-2025-24804

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework (MobSF) versions prior to 4.3.1

Description: The issue arises when an attacker manually modifies the CFBundleIdentifier value in the Info.plist file by adding special characters, which are not allowed according to Apple's documentation. This causes the application to encounter an error when parsing the incorrect characters in the bundle ID, resulting in a 500 error and preventing content from being displayed. The only way to resolve this is to manually remove the malicious application from the system.

Recommendations: For versions prior to 4.3.1, upgrade to version 4.3.1 to address the issue. As a temporary workaround, consider manually checking the uploaded bundle IDs against the regex to prevent the error. Additionally, restrict access to the urls.py file to minimize the risk of exploitation. Avoid using the CFBundleIdentifier value in the affected API endpoints until the issue is resolved.