PT-2025-18922 · Unknown · Handrew Browserpilot

Ybdesire · Published 2025-05-02 · Updated 2025-05-03 · CVE-2025-4218

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: handrew browserpilot, versions up to 0.2.51

Description: A critical issue was found in the GPTSeleniumAgent function of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. Manipulation of the instructions argument leads to code injection. This issue can be exploited locally.

Recommendations: For handrew browserpilot versions up to 0.2.51, as a temporary workaround, consider disabling the GPTSeleniumAgent function until a patch is available. Restrict access to the file browserpilot/browserpilot/agents/gpt_selenium_agent.py to minimize the risk of exploitation. Avoid using the instructions argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection
Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-4218

Affected Products: Handrew Browserpilot