CVE-2025-47241 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
mitre	CNA	4 MEDIUM				CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Common Weakness Enumeration

CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions
The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.

References

https://github.com/browser-use/browser-use/pull/1561

https://github.com/browser-use/browser-use/releases/tag/0.1.45

https://github.com/browser-use/browser-use/security/advisories/GHSA-x39x-9qw5-ghrf