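Critical Whitelist Bypass Vulnerability in Browser Use (CVE-2025-47241)
Security researchers found a critical vulnerability (CVE-2025-47241) in the Browser Use project, with a CVSS score of 9.3. The vulnerability allows attackers to bypass domain whitelist protection by embedding a decoy domain in the HTTP authentication username. The issue stems from how the _url_allowed() method handles domains and affects all versions up to 0.1.44; upgrading to 0.1.45 is recommended. 2025-5-7 00:35:33 Author: securityonline.info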

Security researchers from ARIMLABS.AI have disclosed a serious vulnerability in the Browser Use project—a tool that provides browser automation capabilities for AI agents. Tracked as CVE-2025-47241, the flaw carries a CVSS score of 9.3 and allows attackers to bypass domain whitelisting protections by embedding a decoy domain in the HTTP authentication username portion of a URL.

The core of the issue lies within the allowed_domains list in the BrowserContextConfig class, which is intended to act as a whitelist for accessible URLs. While the module is designed to restrict URL access during agent initialization, researchers at ARIMLABS.AI discovered a bypass. The vulnerability resides in the _is_url_allowed() method.

According to the advisory, “The core issue stems from the line domain = domain.split(':')[0], which allows an attacker to manipulate basic authentication credentials by providing a username:password pair.” This manipulation enables attackers to replace the username with a whitelisted domain, effectively bypassing the intended security check.

The advisory provides a clear proof of concept (POC) to illustrate the vulnerability. By setting allowed_domains to ['example.com'] and using the following URL: https://example.com:pass@localhost:8080, an attacker can bypass whitelist controls and gain unauthorized access to restricted internal services.
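The following added example (not Browser Use's own code and not the 0.1.45 patch) puts a simplified reconstruction of the flawed check beside a hardened one, run against the PoC URL quoted above. Only the split(':') line comes from the advisory; the function names, the subdomain matching rule and the other sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlparse

ALLOWED = ["example.com"]  # allow-list from the advisory's PoC


def _in_allow_list(host, allowed):
    # Exact or subdomain match (the matching rule is an assumption of this example).
    host = host.lower()
    return any(host == a.lower() or host.endswith("." + a.lower()) for a in allowed)


def flawed_is_url_allowed(url, allowed):
    # Simplified reconstruction: only the split(':') line is quoted on the page.
    domain = urlparse(url).netloc
    domain = domain.split(":")[0]  # meant to strip the port; also cuts "user:pass@host"
    return _in_allow_list(domain, allowed)


def hardened_is_url_allowed(url, allowed):
    try:
        parsed = urlparse(url)
        host = parsed.hostname  # parser-derived host: userinfo and port removed
        parsed.port             # raises ValueError on a malformed port
    except ValueError:
        return False
    if parsed.scheme not in ("http", "https") or not host:
        return False
    # Credentials in a URL are never needed for an allow-list decision: reject.
    if parsed.username is not None or parsed.password is not None:
        return False
    return _in_allow_list(host, allowed)


# Constructed sample URLs; the third is the PoC URL quoted in the article.
SAMPLES = [
    "https://example.com/",
    "https://docs.example.com:443/page",
    "https://example.com:pass@localhost:8080",
    "https://localhost:8080",
]


def compare(urls=SAMPLES, allowed=ALLOWED):
    return [(u, flawed_is_url_allowed(u, allowed), hardened_is_url_allowed(u, allowed)) for u in urls]


if __name__ == "__main__":
    for url, old, new in compare():
        print(f"{url:45} flawed={old!s:5} hardened={new}")
```

For the PoC URL the flawed check compares "example.com" (the username) against the allow-list, while the browser connects to localhost:8080; the hardened check evaluates the host the connection would actually use.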

The implications of this vulnerability are significant. As the advisory states, it affects “all users relying on this functionality for security” and creates the “potential for unauthorized enumeration of localhost services and internal networks.” Furthermore, it grants the “ability to bypass domain whitelisting, leading to unauthorized browsing.”

The vulnerability affects all versions of the Browser Use module up to and including 0.1.44. Users are urged to update to the patched version, 0.1.45, immediately to mitigate the risk.

Source: https://securityonline.info/cve-2025-47241-critical-whitelist-bypass-in-browser-use-exposes-internal-services/