CVE-2025-58162: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MobSF Mobile-Security-Framework-MobSF
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared one.a can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
AI Analysis
Technical Summary
CVE-2025-58162 is a path traversal vulnerability (CWE-22) identified in version 4.4.0 of the Mobile-Security-Framework (MobSF), a widely used tool for mobile application security testing. This vulnerability allows an authenticated user to upload a specially crafted file named 'one.a' that exploits the improper limitation of a pathname to a restricted directory. Specifically, the flaw enables the attacker to write arbitrary files to any directory writable by the user account under which the MobSF process runs. Because MobSF typically operates with user-level permissions, the attacker can potentially overwrite or create files in sensitive locations accessible to that user, leading to integrity and availability impacts. The vulnerability requires authentication but no user interaction beyond the upload of the malicious file. The CVSS v3.1 base score is 6.5 (medium severity), reflecting network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, no confidentiality impact, but high integrity and availability impacts. The issue was patched in MobSF version 4.4.1, and no known exploits are reported in the wild as of the publication date. The vulnerability arises from insufficient validation and sanitization of file paths during upload processing, allowing directory traversal sequences to escape the intended directory and write files at arbitrary locations. This can be leveraged to overwrite configuration files, inject malicious scripts, or disrupt the operation of MobSF or the host system, potentially compromising the security testing environment and any data processed within it.
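The root cause described above, a user-controlled name joined onto an upload directory without containment checks, is a general pattern. The following is an added illustration, not MobSF's code and not the actual fix in 4.4.1: it shows the naive join that lets traversal sequences escape the upload directory beside a hardened version that normalizes separators, rejects `..` segments, absolute paths and NUL bytes, and finally verifies that the fully resolved path is still inside the base directory. The `uploads` directory and all function names are assumptions for the example; the same check applies to any name derived from user input, including entry names inside uploaded archives.

```python
"""Upload path handling: vulnerable join versus hardened containment check.

Added example, not code from MobSF. Directory name and helpers are assumed.
"""
from pathlib import Path, PurePosixPath, PureWindowsPath

# Assumed destination for uploaded files (resolved to an absolute path).
UPLOAD_DIR = Path("uploads")


def naive_upload_path(base_dir: Path, user_name: str) -> Path:
    """Vulnerable pattern: the user-supplied name is joined directly.

    '../..' segments walk out of base_dir, and an absolute user_name
    replaces base_dir entirely, so the write lands wherever the caller
    named, limited only by the permissions of the process user.
    """
    return base_dir / user_name


def escapes_base(base_dir: Path, user_name: str) -> bool:
    """Report whether the naive join ends up outside base_dir (demonstrates the bug)."""
    base = base_dir.resolve()
    target = naive_upload_path(base, user_name).resolve()
    try:
        target.relative_to(base)
        return False
    except ValueError:
        return True


def safe_upload_path(base_dir: Path, user_name: str) -> Path:
    """Hardened pattern: validate the name, then prove containment after resolving.

    Raises ValueError for anything that could leave base_dir.
    """
    base = base_dir.resolve()
    if "\x00" in user_name:
        raise ValueError("NUL byte in file name")
    # Reject absolute names under both POSIX and Windows conventions, whatever
    # the host OS is, because the name came from a remote client.
    if PurePosixPath(user_name).is_absolute() or PureWindowsPath(user_name).is_absolute():
        raise ValueError("absolute path not allowed")
    # Treat '\\' and '/' both as separators; drop empty and '.' segments.
    parts = [p for p in user_name.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("empty file name")
    if ".." in parts:
        raise ValueError("parent-directory segment not allowed")
    # Resolve symlinks in any existing intermediate directories, then confirm the
    # final target is still below base. relative_to() compares path components,
    # so a sibling such as 'uploads_other' does not pass as a prefix match would.
    candidate = base.joinpath(*parts).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError("path escapes upload directory") from None
    return candidate


def is_rejected(base_dir: Path, user_name: str) -> bool:
    """True when the hardened check refuses the name."""
    try:
        safe_upload_path(base_dir, user_name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name in ("app.apk", "sub/app.apk", "../../outside/file", "/etc/hostname", "..\\x"):
        print(f"{name!r}: naive escapes={escapes_base(UPLOAD_DIR, name)} "
              f"hardened rejects={is_rejected(UPLOAD_DIR, name)}")
```

Two details matter in practice: the containment check runs on the resolved path so that symlinked intermediate directories cannot redirect the write, and the check uses `relative_to` rather than a string prefix comparison, which would accept a sibling directory whose name merely starts with the base name.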
Potential Impact
For European organizations using MobSF 4.4.0, this vulnerability poses a significant risk to the integrity and availability of their mobile security testing infrastructure. An attacker with valid credentials could exploit this flaw to manipulate files on the server, potentially injecting malicious code or disrupting security assessments. This could lead to inaccurate security testing results, undermining the organization's mobile application security posture. Additionally, if MobSF is integrated into CI/CD pipelines or used in environments with sensitive data, the ability to write arbitrary files could facilitate further attacks or data corruption. The lack of confidentiality impact reduces the risk of direct data leakage, but the integrity and availability impacts can cause operational disruptions and loss of trust in security processes. European organizations relying on MobSF for compliance or regulatory assessments may face challenges meeting security standards if this vulnerability is exploited. The requirement for authentication limits exposure to internal or trusted users, but insider threats or compromised credentials could still enable exploitation.
Mitigation Recommendations
Organizations should immediately upgrade MobSF installations to version 4.4.1 or later, where this vulnerability is patched. If upgrading is not immediately feasible, restrict access to MobSF to trusted administrators and enforce strong authentication controls to minimize the risk of credential compromise. Implement strict file system permissions to limit the directories writable by the MobSF process user, reducing the potential impact of arbitrary file writes. Additionally, monitor file system changes in directories accessible to MobSF for unusual activity. Employ network segmentation to isolate MobSF servers from broader enterprise networks, limiting attacker lateral movement if exploited. Regularly audit and review user accounts with MobSF access to ensure only necessary personnel have privileges. Finally, consider deploying application-level monitoring or intrusion detection systems to detect anomalous file uploads or path traversal attempts targeting MobSF.
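The last recommendation, application-level monitoring for anomalous uploads and path traversal attempts, can be started from the upload log alone. The following is an added example, not part of the advisory and not a MobSF feature: it scans constructed log lines of an assumed format (`user=<name> action=upload name="<file name>"`) for names that contain parent-directory segments, absolute paths, backslash separators or NUL bytes, including names that hide those indicators behind single or double URL-encoding. The log format, sample entries and function names are all assumptions for the example.

```python
"""Flag upload names that carry path-traversal indicators (added example).

The log format below is constructed for illustration; adapt LOG_LINE to the
real upload log of the deployment being monitored.
"""
import re
from urllib.parse import unquote

# Assumed log layout: timestamp, user=<id>, action=upload, name="<client-supplied name>"
LOG_LINE = re.compile(r'user=(?P<user>\S+) action=upload name="(?P<name>[^"]*)"')

# Constructed sample log; no real users, hosts or targets.
SAMPLE_LOG = [
    '2025-09-02T01:02:44Z user=alice action=upload name="app.apk"',
    '2025-09-02T01:03:10Z user=bob action=upload name="../../outside/note.txt"',
    '2025-09-02T01:03:41Z user=bob action=upload name="%2e%2e%2f%2e%2e%2foutside%2fnote.txt"',
    '2025-09-02T01:04:02Z user=carol action=upload name="release%20build.ipa"',
    '2025-09-02T01:04:30Z user=dave action=upload name="..\\..\\outside\\note.txt"',
]


def _decode(name: str, rounds: int = 2) -> str:
    """Undo up to `rounds` layers of URL-encoding (catches %2e%2e and %252e%252e)."""
    decoded = name
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def traversal_indicators(name: str) -> list:
    """Return the reasons a client-supplied file name looks like a traversal attempt.

    An empty list means the name is unremarkable. Plain URL-encoding on its own
    (e.g. '%20' for a space) is not reported; it is only noted when the decoded
    form carries another indicator, so ordinary names do not raise alerts.
    """
    decoded = _decode(name)
    reasons = []
    if "\x00" in decoded:
        reasons.append("nul byte")
    segments = decoded.replace("\\", "/").split("/")
    if ".." in segments:
        reasons.append("dot-dot segment")
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", decoded):
        reasons.append("absolute path")
    if "\\" in decoded:
        reasons.append("backslash separator")
    if reasons and decoded != name:
        reasons.append("url-encoded")
    return reasons


def scan_upload_log(lines) -> list:
    """Return (user, raw_name, reasons) for every upload line with indicators."""
    alerts = []
    for line in lines:
        match = LOG_LINE.search(line)
        if not match:
            continue  # not an upload event in the assumed format
        reasons = traversal_indicators(match["name"])
        if reasons:
            alerts.append((match["user"], match["name"], reasons))
    return alerts


if __name__ == "__main__":
    for user, raw, reasons in scan_upload_log(SAMPLE_LOG):
        print(f"ALERT user={user} name={raw!r} reasons={', '.join(reasons)}")
```

Decoding before inspection is the part that matters: a detector that only searches the raw string for `../` misses the encoded variants, while a detector that alerts on any percent-encoding drowns in noise from legitimate names with spaces. The same `traversal_indicators` function can be applied to archive entry names listed at upload time, which covers the case where the traversal name is inside the uploaded file rather than the upload itself.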
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-27T13:34:56.186Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68b64234ad5a09ad00d5f96d
Added to database: 9/2/2025, 1:02:44 AM
Last enriched: 9/2/2025, 1:17:53 AM
Last updated: 9/3/2025, 5:27:05 AM
Related Threats
- CVE-2025-21041: CWE-922 Insecure Storage of Sensitive Information in Samsung Mobile Secure Folder (Medium)
- CVE-2025-21040: CWE-925 Improper Verification of Intent by Broadcast Receiver in Samsung Mobile S Assistant (Medium)
- CVE-2025-21039: CWE-925 Improper Verification of Intent by Broadcast Receiver in Samsung Mobile S Assistant (Medium)
- CVE-2025-21038: CWE-925 Improper Verification of Intent by Broadcast Receiver in Samsung Mobile S Assistant (Medium)
- CVE-2025-21037: CWE-284 Improper Access Control in Samsung Mobile SamsungNotes (Medium)