CVE-2025-4641 io.github.bonigarcia:webdrivermanager

Package

Manager: maven
Name: io.github.bonigarcia:webdrivermanager
Vulnerable Version: >=1.0.0 <6.1.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

EPSS: 0.00082 (percentile: 0.24839)

Details

BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference

An Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, macOS and Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager from 1.0.0 before 6.1.0.

Metadata

Created: 2025-05-14T21:31:18Z
Modified: 2025-05-15T17:28:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-pwm3-776c-8q7q/GHSA-pwm3-776c-8q7q.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-pwm3-776c-8q7q
Finding: F083
Auto approve: 1