Vulnerability Description
A vulnerability was found in handrew browserpilot up to 0.2.51 and has been declared critical. It affects the function GPTSeleniumAgent in the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. Manipulating the argument instructions leads to code injection. The attack requires local access. The exploit has been publicly disclosed and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Andrewhhan | Browserpilot | <= 0.2.51 |
Related Weaknesses (CWE)
References
- https://github.com/handrew/browserpilot/issues/20 (Exploit, Issue Tracking)
- https://github.com/handrew/browserpilot/issues/20#issue-2999815850 (Exploit)
- https://vuldb.com/?ctiid.307195 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.307195 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.562383 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-4218?
CVE-2025-4218 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/...
How severe is CVE-2025-4218?
CVE-2025-4218 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4218?
Check the references section above for vendor advisories and patch information. Affected products include: Andrewhhan Browserpilot.