CVE-2025-4641

Published May 14, 2025

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4641 is an XML External Entity (XXE) injection vulnerability in the bonigarcia webdrivermanager (WebDriverManager) library, affecting versions 1.0.0 through 6.0.1 on Windows, MacOS, and Linux. The flaw lies in the library's XML parsing components, specifically in `src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java`. Because XML external entity references are not properly restricted, the parser is exposed to what the advisory terms Data Serialization External Entities Blowup. An attacker could exploit this to read local files, potentially including sensitive system files, execute remote code or system-level commands, or cause a denial of service by triggering XML entity expansion. A patch is available in version 6.0.2.

Description
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
Source: cve_disclosure@tech.gov.sg
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

CWE-611 (Improper Restriction of XML External Entity Reference), assigned by cve_disclosure@tech.gov.sg
