PraisonAI Unauthenticated WebSocket Session Hijacking (CVE-2025-4289)

PraisonAI Browser Server WebSocket Unauthorized Session Hijacking Vulnerability Summary Vulnerability Overview Vulnerability Name: PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions CVE ID: CVE-2025-4289 CVSS Score: 9.1/10 (Critical) Vulnerability Type: Unauthorized Access, Session Hijacking Affected Versions: - (pip): = 4.5.139 - (pip): >= 1.5.140 Vulnerability Details PraisonAI’s by default exposes the browser bridge on 0.0.0.0, and its endpoint accepts WebSocket clients even when the header is omitted. Unauthorized network clients can connect as fake controllers, send a command, forward to another connected browser extension WebSocket, and receive the resulting stream without going through the hijacked session. This enables unauthorized remote exploitation of active browser automation sessions without any credentials. Impact Scope Any network client that can reach the exposed bridge Can impersonate workflow controller endpoints Can hijack available connected extension sessions Can receive automation output May lead to: - Unauthorized browser operations - Misuse of model-driven automation - Leakage of sensitive page content or automation results Affected Users Operators running with default host binding Users with active connected browser extension sessions Environments where the bridge is accessible from other hosts on the network Remediation Measures 1. Require explicit authentication for each WebSocket client connecting to 2. Reject WebSocket handshakes that omit the header, unless using a separate authenticated localhost-only transport 3. Bind the browser bridge to 127.0.0.1 by default; enable non-localhost exposure only with explicit operator opt-in 4. Do not route to “the first other idle connection”; instead, explicitly pair authenticated controllers and extension clients POC Code Shell Script (tmp/pocs/poc.sh) Python Code (tmp/pocs/poc.py)

Goal Reached Thanks to every supporter — we hit 100%!

PraisonAI Unauthenticated WebSocket Session Hijacking (CVE-2025-4289)

More from this source