
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
MobSF (Mobile Security Framework), versions up to and including 4.3.2, contains a vulnerability related to ZIP file processing. The security testing tool, typically deployed on centralized internal or cloud-based servers, lacks proper validation of ZIP file extraction sizes, making it susceptible to ZIP bomb attacks. The vulnerability was discovered and disclosed on May 4, 2025, and has been assigned CVE-2025-46730 with a CVSS v3.1 base score of 6.8 (Medium) (Wiz Database).
The vulnerability stems from MobSF's feature that allows users to upload ZIP files for static analysis. The application automatically extracts these files within its directory but fails to implement checks on the total uncompressed size of the ZIP file. This oversight makes it vulnerable to ZIP of Death (zip bomb) attacks, where a small compressed file can expand to consume massive amounts of storage space upon extraction. The issue has been classified as CWE-409 (Improper Handling of Highly Compressed Data) (GitHub Advisory).
The vulnerability can result in complete server disruption affecting not only MobSF but also other applications and websites hosted on the same server. For example, a malicious user can upload a 12-15 MB compressed file that expands to 5 GB upon extraction, potentially exhausting the server's available disk space. This is particularly impactful for organizations that have built customized cloud-based mobile security tools on the MobSF core (GitHub Advisory).
The vulnerability has been patched in version 4.3.3. The fix was implemented in commit 6987a946485a795f4fd38cebdb4860b368a1995d. As a mitigation strategy, it is recommended to implement a safeguard that checks the total uncompressed size of any uploaded ZIP file before extraction. If the estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), MobSF should reject the file and notify the user (GitHub Advisory).
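The safeguard described above, written out as an added example (not MobSF's own patch): the cheap pre-extraction check sums the sizes declared in the ZIP central directory, and because those declared sizes are attacker-controlled, the extractor also counts the bytes it actually writes and aborts at the same limit. The 100 MB threshold is the advisory's suggestion; the sample archive is constructed here.

```python
import io
import os
import zipfile

MAX_UNCOMPRESSED_BYTES = 100 * 1024 * 1024  # the advisory's suggested 100 MB threshold

class UnsafeArchive(ValueError):
    """Raised when an upload fails the size check before or during extraction."""

def declared_uncompressed_size(data: bytes) -> int:
    """Sum the uncompressed sizes recorded in the central directory; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return sum(info.file_size for info in zf.infolist())

def check_upload(data: bytes, limit: int = MAX_UNCOMPRESSED_BYTES) -> int:
    """Pre-extraction check, the cheap test the advisory recommends; returns the declared size."""
    total = declared_uncompressed_size(data)
    if total > limit:
        raise UnsafeArchive(f"declared uncompressed size {total} B exceeds {limit} B")
    return total

def safe_extract(data: bytes, dest: str, limit: int = MAX_UNCOMPRESSED_BYTES) -> int:
    """Extract after check_upload passes, counting bytes actually written: central-directory
    sizes are attacker-controlled, so the running count is the guard that actually holds."""
    check_upload(data, limit)
    written = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Refuse absolute or parent-relative member names before touching the disk.
            if os.path.isabs(info.filename) or ".." in info.filename.split("/"):
                raise UnsafeArchive(f"unsafe member path {info.filename!r}")
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                while (chunk := src.read(65536)) and written <= limit:
                    written += len(chunk)
                    dst.write(chunk)
            if written > limit:
                os.remove(target)  # drop the partial file so the disk is not left consumed
                raise UnsafeArchive(f"extraction passed {limit} B; aborted")
    return written

def make_zip(member_size: int) -> bytes:
    """Constructed sample: one member of zeros, which deflates to a tiny fraction of its size."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", b"\0" * member_size)
    return buf.getvalue()
```

A 4 MiB member of zeros deflates to a few kilobytes, so `check_upload(make_zip(4 * 1024 * 1024), limit=1024 * 1024)` raises `UnsafeArchive` while a 512-byte member passes.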
The MobSF development team has acknowledged these security flaws and promptly released patches in version 4.3.3. Security advisories have been published with detailed information about the vulnerability. The discovery has raised concerns in the security community due to MobSF's widespread adoption in enterprise environments (Cyber Security News).
Source: This report was generated using AI