  • CVE-2025-4641: Critical XXE Vulnerability in WebDriverManager

    Overview

    A critical vulnerability identified as CVE-2025-4641 has been discovered in WebDriverManager, an open-source Java library by bonigarcia that is widely used to automate the management of WebDriver binaries in Selenium-based projects. The issue affects versions from 1.0.0 up to but not including 6.0.2 on Windows, macOS, and Linux.

    Vulnerability Details

    The vulnerability is categorized as an Improper Restriction of XML External Entity Reference (CWE-611), commonly known as XXE injection. The XML parsing components in the affected modules accept input without restricting external entity resolution, so a crafted document can make the parser resolve entities that an attacker controls.

    Specifically, the vulnerability resides in the file WebDriverManager.java, where XML inputs are processed without adequately restricting external entities. This can result in the exposure of sensitive information, denial of service (billion laughs attack), or interaction with internal systems.

    Technical Breakdown

    • CVSS v4.0 Base Score: 9.3 (Critical)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Impact: High Availability and Confidentiality, Low Integrity

    Impacts and Exploitation

    This vulnerability enables attackers to send malicious XML payloads to the system, potentially causing:

    • Denial of service via entity expansion attacks
    • Disclosure of internal file contents or environment variables
    • Interaction with internal systems behind firewalls

    This class of weakness corresponds to CAPEC-221, Data Serialization External Entities Blowup.

    Affected Versions

    All versions of webdrivermanager from 1.0.0 up to 6.0.1 are affected. The vulnerability is patched in version 6.0.2.

    Mitigation and Recommendations

    • Upgrade to WebDriverManager version 6.0.2 or later.
    • Review XML processing configurations and disable external entity processing explicitly.
    • Conduct code audits for custom XML parsers in your Java environment.
    • Apply defense-in-depth practices such as input validation and access controls.
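    The second recommendation in concrete form: a JAXP parser configured so that no DOCTYPE, external entity, or external DTD is ever processed, which closes both the file-disclosure and the entity-expansion (billion laughs) paths described above. This is an added example, not WebDriverManager's own code; the XML document is constructed for the demonstration, and the feature URIs are the standard Xerces ones honoured by the JDK's built-in parser.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeHardening {

    // Constructed sample input: a document that declares an external entity.
    // A parser with external entities enabled would read the named file and
    // splice its contents into the <root> element.
    static final String XXE_DOC =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE root [<!ENTITY ext SYSTEM \"file:///etc/hostname\">]>\n"
      + "<root>&ext;</root>";

    // Hardened factory: refusing the DOCTYPE outright means no general or
    // parameter entity can be declared, so neither external-entity resolution
    // nor recursive entity expansion is possible; the remaining settings are
    // belt-and-braces for parsers that do not honour disallow-doctype-decl.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // True when the parser rejects the document: the expected result for any
    // input carrying a DOCTYPE once the factory above is in use.
    static boolean rejectsDoctype(DocumentBuilder b, String xml) throws Exception {
        try {
            b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return false;
        } catch (SAXParseException e) {
            return true; // Xerces reports that the DOCTYPE is disallowed
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilder b = hardenedBuilder();
        System.out.println("hardened parser rejects XXE document: " + rejectsDoctype(b, XXE_DOC));
        // Ordinary documents without a DOCTYPE still parse normally.
        String plain = "<root><child>ok</child></root>";
        Document d = b.parse(new ByteArrayInputStream(plain.getBytes(StandardCharsets.UTF_8)));
        System.out.println("plain document root element: " + d.getDocumentElement().getTagName());
    }
}
```

Applying the same settings to SAXParserFactory or XMLInputFactory covers the other JAXP entry points an audit of custom parsers is likely to find.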

    Conclusion

    CVE-2025-4641 highlights the persistent risks of insecure XML parsing. Development teams should stay vigilant when handling structured data formats like XML and ensure that secure parser configurations are enforced by default. For more technical insights, refer to the related GitHub pull request.

  • Authentication Bypass in PAM-PKCS#11 due to Weak Default `cert_policy` Setting

    Overview

    CVE-2025-24032 identifies a critical vulnerability in PAM-PKCS#11, a Linux-PAM module enabling X.509 certificate-based authentication.

    Technical Details

    The vulnerability, classified under CWE-287: Improper Authentication, arises when `cert_policy` is set to `none` (the default). In that configuration pam_pkcs11 only checks that the user can log in to the token; it never requires the token to prove possession of the private key by producing a signature.

    This means an attacker can craft a token using a victim’s public certificate and a known PIN. Since no signature is required, the attacker can bypass authentication and gain unauthorized access.

    Severity and CVSS

    • CVSS 4.0 Base Score: 9.2 (Critical)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

    Affected Versions

    All versions prior to pam_pkcs11-0.6.13 are impacted.

    Mitigation and Recommendations

    • Upgrade to version 0.6.13 immediately.
    • In `pam_pkcs11.conf`, set `cert_policy = signature;` explicitly (the trailing semicolon is part of the file's syntax) so that private key signature verification is enforced.

    Conclusion

    This vulnerability demonstrates the dangers of insecure default configurations. Ensuring that authentication relies on proper cryptographic verification is critical for maintaining secure login workflows.

    For more technical details and mitigation steps, refer to the official GitHub advisory.

  • Critical RCE Vulnerability in Tauri Plugin Shell (CVE-2025-31477)

    Overview

    A critical security vulnerability, identified as CVE-2025-31477, has been discovered in the Tauri Plugin Shell, specifically affecting the open endpoint. This flaw allows improper scope validation, enabling the execution of dangerous protocols that can lead to remote code execution (RCE).

    Technical Details

    The vulnerability is rooted in CWE-20: Improper Input Validation. In affected versions prior to 2.2.1, the open endpoint fails to properly restrict supported protocols. Although it was intended to only permit safe protocols like https:// or mailto:, it mistakenly allowed others such as file://, smb://, or nfs://. When untrusted user input is passed to this endpoint, these protocols may be triggered, allowing arbitrary file access or command execution through the system’s registered protocol handler.

    Severity and Exploitation

    The vulnerability has a CVSS 4.0 base score of 9.3 (Critical), reflecting its high potential impact:

    • Attack Vector: Network
    • Privileges Required: None
    • User Interaction: None
    • Impact: High (Confidentiality, Integrity, Availability)

    This issue can be exploited either by exposing the vulnerable endpoint to users directly or by executing malicious code in the frontend of a Tauri application.

    Affected Versions

    • All versions of tauri-plugin-shell prior to 2.2.1

    Mitigation and Recommendations

    This vulnerability has been fixed in version 2.2.1. It is strongly recommended that all users of the Tauri shell plugin:

    • Upgrade to v2.2.1 or later immediately
    • Restrict usage of the open endpoint to trusted inputs
    • Audit frontend code to avoid execution of user-controlled inputs

    References