|
Vulnerabilities
< Back

CVE-2025-4641

Updated on 14 May 2025

Severity

9.3 Critical severity

Details

CVSS score
9.3
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.

This issue affects webdrivermanager: from 1.0.0 before 6.0.2.

Details

Affected product:
Apache Tapestry , webdrivermanager
Affected packages:
webdrivermanager @ 2.2.4 (+32 more)

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.

This issue affects webdrivermanager: from 1.0.0 before 6.0.2.