Vulnerability Description
A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webarena | Webarena | <= 0.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/web-arena-x/webarena/issues/194ExploitIssue TrackingThird Party Advisory
- https://github.com/web-arena-x/webarena/issues/194#issuecomment-2796165922ExploitIssue Tracking
- https://vuldb.com/?ctiid.306376Permissions RequiredVDB Entry
- https://vuldb.com/?id.306376Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.558415Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-4022?
CVE-2025-4022 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/ev...
How severe is CVE-2025-4022?
CVE-2025-4022 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4022?
Check the references section above for vendor advisories and patch information. Affected products include: Webarena Webarena.