CVE-2025-47241: CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions in browser-use browser-use

Medium
Tags: Vulnerability, CVE-2025-47241, cve, cwe-647
Published: Sat May 03 2025 (05/03/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: browser-use
Product: browser-use

Description

In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.

AI-Powered Analysis

Last updated: 07/07/2025, 00:55:04 UTC

Technical Analysis

CVE-2025-47241 is a medium-severity vulnerability affecting the 'browser-use' software prior to version 0.1.45. The issue stems from improper URL parsing of the 'allowed_domains' configuration, specifically due to the mishandling of the userinfo component within the authority section of URLs. In URL syntax, the authority component can include userinfo (username and password) before the host, e.g., userinfo@host. This vulnerability arises because the software fails to canonicalize URLs correctly before making authorization decisions, allowing an attacker to craft non-canonical URLs that bypass domain restrictions. This is classified under CWE-647, which concerns the use of non-canonical URL paths for authorization decisions. The vulnerability does not impact confidentiality or availability but can lead to integrity issues by allowing unauthorized actions or access within the context of the application. The CVSS 3.1 base score is 4.0 (medium), with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), scope changed (S:C), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability requires an attacker to send specially crafted URLs to bypass domain-based authorization checks, potentially enabling unauthorized operations or access within the affected application environment.

Potential Impact

For European organizations using 'browser-use' software, this vulnerability could allow attackers to circumvent domain-based authorization controls, potentially leading to unauthorized actions or access within internal or web-based applications relying on this component. Although the confidentiality and availability impacts are negligible, the integrity of operations or data could be compromised, which may affect business processes or data trustworthiness. Organizations in sectors with strict regulatory requirements around data integrity and access control—such as finance, healthcare, and government—may face compliance risks if unauthorized actions occur due to this flaw. The medium severity and lack of known exploits reduce immediate risk, but the potential for exploitation in targeted attacks remains, especially if the software is used in critical workflows or exposed to external networks.

Mitigation Recommendations

European organizations should immediately audit their use of 'browser-use' software and identify affected versions prior to 0.1.45. Until an official patch is released, organizations should implement strict input validation and URL canonicalization on all inputs involving domain checks to ensure userinfo components are properly handled or stripped before authorization decisions. Network-level controls such as web application firewalls (WAFs) can be configured to detect and block suspicious URL patterns containing userinfo in the authority component. Additionally, organizations should monitor logs for unusual URL access patterns that could indicate exploitation attempts. Where possible, restrict access to the affected application to trusted networks or users to reduce exposure. Finally, maintain close monitoring for vendor updates or patches and apply them promptly once available.
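The parsing mistake described in the technical analysis, and the canonicalization the mitigation section asks for, side by side. This is an added example and is not browser-use's own code: the weak check below is a hypothetical pattern (dropping a port by splitting the authority on the first ':'), the allow-list and URLs are constructed for the demonstration, and the function names are the author's. The hardened version relies only on `urllib.parse`, whose `hostname` attribute strips userinfo and port and lowercases the host; it additionally refuses any URL that carries credentials, restricts the scheme to http(s), and removes a trailing dot before comparing.

```python
from typing import Iterable, Optional
from urllib.parse import urlparse

# Constructed allow-list for this example (not a browser-use default).
ALLOWED_DOMAINS = ["example.com"]


def naive_is_allowed(url: str, allowed: Iterable[str]) -> bool:
    """Hypothetical weak check, shown for contrast; not the project's code.

    It keeps everything before the first ':' of the authority, intending to
    drop a port number. Userinfo may itself contain ':' (user:password@host),
    so for 'https://example.com:x@evil.example/' the "host" becomes
    'example.com' although the request would go to evil.example.
    """
    authority = urlparse(url).netloc
    host = authority.split(":", 1)[0].lower()
    return any(host == d or host.endswith("." + d) for d in allowed)


def canonical_host(url: str) -> Optional[str]:
    """Return the canonical host of ``url``, or None if it must be rejected.

    urlparse().hostname already discards userinfo and port and lowercases the
    host. On top of that we only accept http(s), reject any URL that carries
    userinfo at all, and strip a trailing dot so 'example.com.' and
    'example.com' compare equal.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return None
    if parsed.username is not None or parsed.password is not None:
        return None  # credentials in the authority are never legitimate here
    host = parsed.hostname
    if not host:
        return None
    return host.rstrip(".")


def hardened_is_allowed(url: str, allowed: Iterable[str]) -> bool:
    """Allow ``url`` only if its canonical host is an allowed domain or a
    subdomain of one."""
    host = canonical_host(url)
    if host is None:
        return False
    allowed_norm = [d.lower().rstrip(".") for d in allowed]
    return any(host == d or host.endswith("." + d) for d in allowed_norm)


if __name__ == "__main__":
    # Constructed sample URLs: a plain allowed page, a subdomain, an
    # uppercase host with trailing dot, a userinfo-bearing URL, and a
    # non-http scheme.
    samples = [
        "https://example.com/",
        "https://docs.example.com/page",
        "https://EXAMPLE.COM./",
        "https://example.com:x@evil.example/",
        "javascript:alert(1)",
    ]
    for u in samples:
        print(f"{u:45} naive={naive_is_allowed(u, ALLOWED_DOMAINS)!s:5} "
              f"hardened={hardened_is_allowed(u, ALLOWED_DOMAINS)}")
```

The fourth sample is the one the advisory is about: the naive check accepts it because the text before the first ':' happens to equal an allowed domain, while the hardened check rejects it outright since the URL carries userinfo. Rejecting rather than stripping credentials is the safer default for an allow-list that guards where an agent may navigate; if stripping is required, do it on `parsed.hostname`, never on the raw authority string.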

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-05-03T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981fc4522896dcbdc79c

Added to database: 5/21/2025, 9:08:47 AM

Last enriched: 7/7/2025, 12:55:04 AM

Last updated: 7/27/2025, 8:32:30 PM