Mobile Next MCP Server Path Traversal Vulnerability Allowing Arbitrary File Write

Vulnerability

A path traversal vulnerability has been identified in the Mobile Next MCP server for mobile development and automation, specifically in version 0.0.49 and prior. The vulnerability exists in the 'mobile_save_screenshot' and 'mobile_start_screen_recording' tools, where the 'saveTo' and 'output' parameters were directly passed to filesystem operations without proper validation. This oversight allowed attackers to write files outside the designated workspace.

Impact

Exploitation of this vulnerability could lead to arbitrary file writes, allowing an attacker to overwrite sensitive files in the user's home directory, such as '.bashrc', '.ssh/authorized_keys', or configuration files.

Reproduction

The vulnerability can be reproduced by sending a JSON-RPC request to the 'mobile_save_screenshot' or 'mobile_start_screen_recording' tools with a crafted 'saveTo' or 'output' parameter that includes path traversal sequences. Because the server does not validate these parameters, such a request writes the file outside the intended directory.
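As an added illustration of the missing check (example code, not the Mobile Next MCP project's own), the TypeScript function below resolves a caller-supplied 'saveTo' or 'output' value against a fixed workspace directory and rejects any result that would land outside it; the workspace path and the helper name are assumptions for the example.

```typescript
import * as path from "node:path";

// Hypothetical helper: resolve a user-supplied file name against the workspace
// root and return the absolute path, or null when the request must be refused.
function resolveWithinWorkspace(workspaceDir: string, userPath: string): string | null {
  // Empty input and embedded NUL bytes are refused; NUL can truncate a path in native APIs.
  if (!userPath || userPath.includes("\0")) return null;
  // Treat every request as relative to the workspace; absolute paths are never accepted.
  if (path.isAbsolute(userPath)) return null;

  const root = path.resolve(workspaceDir);
  const candidate = path.resolve(root, userPath); // normalises "." and ".." segments
  // path.relative() tells us where the candidate sits relative to the root. A result
  // of "..", or one starting with "../", means the candidate escaped the root.
  // A plain string-prefix check is not enough: "/srv/ws-evil" starts with "/srv/ws".
  const rel = path.relative(root, candidate);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

// Constructed inputs showing the decisions a hardened tool handler would make.
const WORKSPACE = "/srv/mcp-workspace"; // assumed workspace root for the example
const decisions: Record<string, string | null> = {
  "shots/home.png": resolveWithinWorkspace(WORKSPACE, "shots/home.png"),
  "..hidden.png": resolveWithinWorkspace(WORKSPACE, "..hidden.png"), // legitimate name, stays inside
  "../.bashrc": resolveWithinWorkspace(WORKSPACE, "../.bashrc"),
  "shots/../../.ssh/authorized_keys": resolveWithinWorkspace(WORKSPACE, "shots/../../.ssh/authorized_keys"),
  "/etc/passwd": resolveWithinWorkspace(WORKSPACE, "/etc/passwd"),
};
for (const [input, result] of Object.entries(decisions)) {
  console.log(`${input} -> ${result === null ? "REJECTED" : result}`);
}
```

A server that logs the rejected inputs alongside the tool name gets a ready-made detection signal for traversal attempts against these parameters.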

Remediation

Users are advised to update to version 0.0.49 or later, where this vulnerability has been fixed.

Added: Mar 27, 2026, 10:37 PM
Updated: Mar 27, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.0
exploitability: 7.3
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.