CVE-2025-4641
BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference
EPSS 0.51%
Description
Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.1.0.
How to fix CVE-2025-4641
To remediate CVE-2025-4641, upgrade the affected package to a fixed version below.
- Upgrade to 6.1.0 or later
Is CVE-2025-4641 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.0.0, < 6.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H |