Home > Vulnerability Database > CVE-2025-47241

Mend.io Vulnerability Database

CVE-2025-47241

Good to know:

Date: May 2, 2025

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

Severity Score

4.0

Related Resources (6)

Url: https://github.com/browser-use/browser-use/pull/1561

Url: https://github.com/browser-use/browser-use/security/advisories/GHSA-x39x-9qw5-ghrf

Url: https://github.com/browser-use/browser-use

Url: https://github.com/browser-use/browser-use/releases/tag/0.1.45

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47241

Url: https://www.mend.io/vulnerability-database/CVE-2025-47241

Severity Score

4.0

Weakness Type (CWE)

Use of Non-Canonical URL Paths for Authorization Decisions

CWE-647

Top Fix

Upgrade Version

Upgrade to version browser-use - 0.1.45;browser-use - 0.1.45;https://github.com/browser-use/browser-use.git - 0.1.45

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47241

Good to know:

Date: May 2, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?