Improper Restriction of XML External Entity Reference (XXE) vulnerability in the XML parsing components of bonigarcia WebDriverManager (webdrivermanager) on Windows, macOS and Linux allows Data Serialization External Entities Blowup. The vulnerability is associated with the program file src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.
This issue affects webdrivermanager versions from 1.0.0 before 6.0.2.
CVE ID: CVE-2025-4641
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H
Vendor: bonigarcia
Product: webdrivermanager
EPSS Score: 0.07% (probability of being exploited)
EPSS Percentile: 22.89% (share of scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-06-12 (date this score was calculated)