
Description

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

PUBLISHED Reserved 2025-05-03 | Published 2025-05-03 | Updated 2025-05-05 | Assigner mitre




MEDIUM: 4.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions

Product status

Default status: unaffected

Any version before 0.1.45: affected

References

github.com/...er-use/security/advisories/GHSA-x39x-9qw5-ghrf

github.com/browser-use/browser-use/releases/tag/0.1.45

github.com/browser-use/browser-use/pull/1561

cve.org (CVE-2025-47241)

nvd.nist.gov (CVE-2025-47241)
