CVE-2025-64496

HIGH EPSS 93.9%
Published Nov 8, 20257mo ago · Modified Jun 17, 20261w ago
8.0 CVSS 3.1
High
Find Similar
Published Nov 8, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. This issue is fixed in version 0.6.35.

CVSS Details

Base Score
8.0
Exploitability
2.1
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
93.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 4

CWE-501
CWE-829
CWE-830
CWE-95

Affected Products 1

VendorProductVersionRange
openwebuiopen_webui* <0.6.35

References 2

  • github.com https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca
    Patch
  • github.com https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca
    Patch