Description
A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Published: 2025-05-02
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-13303 A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
History

Tue, 17 Jun 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Andrewhhan
Andrewhhan browserpilot
CPEs cpe:2.3:a:andrewhhan:browserpilot:*:*:*:*:*:*:*:*
Vendors & Products Andrewhhan
Andrewhhan browserpilot

Mon, 05 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 02 May 2025 20:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Title handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection
Weaknesses CWE-74
CWE-94
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Andrewhhan Browserpilot
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-05-05T14:55:29.704Z

Reserved: 2025-05-02T12:55:47.049Z

Link: CVE-2025-4218

cve-icon Vulnrichment

Updated: 2025-05-05T14:40:55.381Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-02T21:15:24.057

Modified: 2025-06-17T14:16:53.353

Link: CVE-2025-4218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses