CVE-2025-4641

CRITICAL

bonigarcia webdrivermanager <6.0.2 - SSRF

Title source: llm

Description

Improper Restriction of XML External Entity Reference vulnerability in the XML parsing components of bonigarcia webdrivermanager (WebDriverManager) on Windows, macOS, and Linux allows Data Serialization External Entities Blowup. The vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager from 1.0.0 before 6.0.2.

Scores

CVSS v4 9.3
EPSS 0.0051
EPSS Percentile 66.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-611
Status published
Products (2)
bonigarcia/webdrivermanager 1.0.0 - 6.0.2
io.github.bonigarcia/webdrivermanager 1.0.0 - 6.1.0 (Maven)
Published May 14, 2025
Tracked Since Feb 18, 2026