CVE-2025-4641

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.

CVSS

No CVSS.

References

Link	Resource
https://github.com/bonigarcia/webdrivermanager/pull/1458

Configurations

No configuration.

History

16 May 2025, 14:43

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 19:15

Updated : 2025-05-16 14:43

NVD link : CVE-2025-4641

Mitre link : CVE-2025-4641

CVE.ORG link : CVE-2025-4641

JSON object : View

Products Affected

No product.

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2025-4641", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-14T19:15:53.683", "references": [{"url": "https://github.com/bonigarcia/webdrivermanager/pull/1458", "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.\n\nThis issue affects webdrivermanager: from 1.0.0 before 6.0.2."}, {"lang": "es", "value": "Vulnerabilidad de restricci\u00f3n incorrecta de referencias a entidades externas XML en bonigarcia webdrivermanager. WebDriverManager en Windows, macOS y Linux (m\u00f3dulos de componentes de an\u00e1lisis XML) permite la expansi\u00f3n de entidades externas por serializaci\u00f3n de datos. Esta vulnerabilidad est\u00e1 asociada a los archivos de programa src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. Este problema afecta a webdrivermanager desde la versi\u00f3n 1.0.0 hasta la 6.0.2."}], "lastModified": "2025-05-16T14:43:26.160", "sourceIdentifier": "cve_disclosure@tech.gov.sg"}

CVE-2025-4641

JSON object

Attach tags to CVE-2025-4641

Attach tags to `CVE-2025-4641`