CVE-2025-4218

Summary

A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
handrewbrowserpilot0.2.0affected
handrewbrowserpilot0.2.1affected
handrewbrowserpilot0.2.2affected
handrewbrowserpilot0.2.3affected
handrewbrowserpilot0.2.4affected
handrewbrowserpilot0.2.5affected
handrewbrowserpilot0.2.6affected
handrewbrowserpilot0.2.7affected
handrewbrowserpilot0.2.8affected
handrewbrowserpilot0.2.9affected
handrewbrowserpilot0.2.10affected
handrewbrowserpilot0.2.11affected
handrewbrowserpilot0.2.12affected
handrewbrowserpilot0.2.13affected
handrewbrowserpilot0.2.14affected
handrewbrowserpilot0.2.15affected
handrewbrowserpilot0.2.16affected
handrewbrowserpilot0.2.17affected
handrewbrowserpilot0.2.18affected
handrewbrowserpilot0.2.19affected
handrewbrowserpilot0.2.20affected
handrewbrowserpilot0.2.21affected
handrewbrowserpilot0.2.22affected
handrewbrowserpilot0.2.23affected
handrewbrowserpilot0.2.24affected
handrewbrowserpilot0.2.25affected
handrewbrowserpilot0.2.26affected
handrewbrowserpilot0.2.27affected
handrewbrowserpilot0.2.28affected
handrewbrowserpilot0.2.29affected
handrewbrowserpilot0.2.30affected
handrewbrowserpilot0.2.31affected
handrewbrowserpilot0.2.32affected
handrewbrowserpilot0.2.33affected
handrewbrowserpilot0.2.34affected
handrewbrowserpilot0.2.35affected
handrewbrowserpilot0.2.36affected
handrewbrowserpilot0.2.37affected
handrewbrowserpilot0.2.38affected
handrewbrowserpilot0.2.39affected
handrewbrowserpilot0.2.40affected
handrewbrowserpilot0.2.41affected
handrewbrowserpilot0.2.42affected
handrewbrowserpilot0.2.43affected
handrewbrowserpilot0.2.44affected
handrewbrowserpilot0.2.45affected
handrewbrowserpilot0.2.46affected
handrewbrowserpilot0.2.47affected
handrewbrowserpilot0.2.48affected
handrewbrowserpilot0.2.49affected
handrewbrowserpilot0.2.50affected
handrewbrowserpilot0.2.51affected

Weaknesses

  • CWE-94: Code Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References