CVE-2025-31116: 
Python vulnerability analysis and mitigation

Mobile Security Framework (MobSF), a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis, was found to contain a Server-Side Request Forgery (SSRF) vulnerability in versions 4.3.1 and earlier. The vulnerability exists in the mitigation for CVE-2024-29190 where the valid_host() function uses socket.gethostbyname(), making it vulnerable to SSRF abuse using DNS rebinding technique (GitHub Advisory).

The vulnerability stems from the use of socket.gethostbyname() in the valid_host() function's SSRF protection mechanism. The function performs a single DNS lookup to verify that the IP address is not in an excluded subnet range. However, this protection can be bypassed through DNS rebinding attacks, where an initial DNS resolution points to an allowed IP (like 1.1.1.1), but subsequent resolutions point to restricted IPs (like 127.0.0.1). The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) with vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L (GitHub Advisory).

The vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) attacks, potentially enabling unauthorized access to internal resources and services. This could lead to data exposure, internal system reconnaissance, and potential service disruption (GitHub Advisory).

The vulnerability has been patched in version 4.3.2 of MobSF. The fix involves avoiding the use of socket.gethostbyname() since it issues DNS queries that can be manipulated. Users are advised to upgrade to version 4.3.2 or later to receive the security fix (GitHub Advisory).