SSRF Vulnerability in Open-WebUI by JCXJ

CVE-2025-29446

Summary

The Open-WebUI version 0.5.16 is susceptible to a Server-Side Request Forgery (SSRF) vulnerability in the verify_connection function located in routers/ollama.py. This security flaw can allow an attacker to manipulate the server to make unauthorized requests to internal resources, potentially leading to the exposure of sensitive data or the compromise of internal systems. Users of this version should prioritize applying security updates or patches to safeguard against potential exploits.

References