- Description
- In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4
- Impact score
- 1.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
- Severity
- MEDIUM
- cve@mitre.org
- CWE-647
- Hype score
- Not currently trending
🚨 Alerte sécurité ! Une faille critique (CVE-2025-47241) menace 1 500 projets IA, permettant aux hackers de contrôler des navigateurs autonomes. Urgence d'agir pour renforcer la sécurité ! #CyberSécurité #IA https://t.co/nWMBgJoJjt https://t.co/q7CqASfT8E
@LogicielEnLigne
21 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AIエージェント向けブラウザ自動化ツールBrowser Useにドメインホワイトリスト迂回の脆弱性。CVE-2025-47241はCVSSスコア9.3で、HTTP認証のユーザ名部分に囮となるドメインを入れられることで発現。ドメイン部を最
@__kokumoto
7 May 2025
844 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-47241 In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component. https://t.co/EavqWCgTFs
@CVEnew
3 May 2025
1001 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes