CVE-2025-4641 | THREATINT

Description

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.

PUBLISHED Reserved 2025-05-13 | Published 2025-05-14 | Updated 2025-05-14 | Assigner GovTech CSG

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status

affected

1.0.0 (maven) before 6.0.2

affected

Credits

TITAN Team (titancaproject@gmail.com) finder

References

github.com/bonigarcia/webdrivermanager/pull/1458

cve.org (CVE-2025-4641)

nvd.nist.gov (CVE-2025-4641)

Download JSON