Arbitrary File Write in open-webui Affects User Data Management
CVE-2024-7034

6.5MEDIUM

Key Information:

Vendor: Open-webui
Status: Open-webui/open-webui
Vendor: CVE Published:; 20 March 2025

Summary

In open-webui version 0.3.8, the /models/upload endpoint is susceptible to arbitrary file write due to inadequate management of user-supplied filenames. This flaw results from using an unsanitized input in the file path creation process, specifically file_path = f"{UPLOAD_DIR}/{file.filename}". Attackers can exploit this by inserting directory traversal sequences in the file.filename parameter, allowing them to manipulate the file path, escape the designated UPLOAD_DIR, and overwrite critical system files. Such unauthorized modifications can compromise system binaries, configuration files, and sensitive information, enhancing the risk of remote command execution.

Affected Version(s)

open-webui/open-webui <= unspecified

References

https://huntr.com/bounties/711beada-10fe-4567-9278-80a689...

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Jul 23, 2024