PT-2025-21226 · Unknown · Bonigarcia Webdrivermanager
Titan Team · Published 2025-05-14 · Updated 2025-05-19 · CVE-2025-4641
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
bonigarcia webdrivermanager versions 1.0.0 through 6.0.2
Description:
The issue is an Improper Restriction of XML External Entity Reference (XXE) that allows Data Serialization External Entities Blowup. It affects the XML parsing components and modules. The vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. It is estimated to affect systems on Windows, macOS, and Linux.
Recommendations:
For versions 1.0.0 through 6.0.2, update to version 6.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the XML parsing components and modules until the update can be applied.
Fix
XXE
Affected Products
Bonigarcia Webdrivermanager