CVE-2025-4641 CRITICAL

CVE-2025-4641: XML External Entity (XXE) injection vulnerability in WebDriverManager

Vendor Bonigarcia
Product webdrivermanager
Weakness CWE-611 · XXE
Published May 14, 2025
Last update May 14, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

What the vulnerability does

01 Description

Improper Restriction of XML External Entity Reference vulnerability in the XML parsing components of bonigarcia WebDriverManager (webdrivermanager) on Windows, macOS and Linux allows Data Serialization External Entities Blowup. The vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.

Key dates

02 Disclosure timeline

May 14, 2025 CVE published
May 14, 2025 Record updated
