CVE-2025-47241

Summary

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

Affected Software

VendorProductVersion RangeStatus
browser-usebrowser-use0 < 0.1.45affected

Weaknesses

  • CWE-647: CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References