HIGH🇵🇱 Wersja polska

CVE-2025-64496

CVSS 7.3v3.1pub. 2025-11-08upd. 2025-11-26

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. This issue is fixed in version 0.6.35.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
  • Openwebui Open Webui

    APP
    Openwebui
    < 0.6.35
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-44551CRITICAL9.1PL ✓ten sam produkt

Open WebUI: pominięcie uwierzytelnienia LDAP przez puste hasło (Auth Bypass)

CVE-2024-8017CRITICAL9.0PL ✓ten sam produkt

XSS w Open WebUI — kradzież sesji i eskalacja uprawnień do admina

CVE-2024-7053CRITICAL9.0PL ✓ten sam produkt

Session fixation i kradzież sesji administratora w Open WebUI

CVE-2026-54007HIGH7.1ten sam produkt

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0....

CVE-2026-54008HIGH8.5ten sam produkt

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0....