← back
CVE-2025-4641

XML External Entity (XXE) injection vulnerability in WebDriverManager

CVSS 9.3 CRITICALEPSS 0.5%CWE-611
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H
Affected products
bonigarcia · webdrivermanager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/bonigarcia/webdrivermanager/pull/1458