Use of Non-Canonical URL Paths for Authorization Decisions

CVE-2025-47241

Medium

4/10

Summary

In browser-use (aka Browser Use), URL parsing of "allowed_domains" is mishandled because userinfo can be included in the authority component. This issue affects versions 0.1.28 through 0.1.44.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions

The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published May 03, 2025

Use of Non-Canonical URL Paths for Authorization Decisions

CVE-2025-47241

Summary

CWE-647 - Use of Non-Canonical URL Paths for Authorization Decisions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS