DOM XSS Vulnerability in Open WebUI Self-Hosted AI Platform
CVE-2025-64495

8.7 HIGH

Key Information:

Vendor

Open-webui

CVE Published:
8 November 2025

Badges

📈 Score: 1,240 | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2025-64495?

CVE-2025-64495 is a vulnerability in Open WebUI, a self-hosted AI platform designed to run entirely offline, which lets users create and manage custom chat prompts. In versions 0.6.34 and earlier, the feature that lets users insert custom prompts as rich text is vulnerable to DOM-based cross-site scripting (XSS): when it is enabled, the prompt body is written directly into the document's DOM via the .innerHTML property without sanitization. Any user with permission to create prompts can therefore embed script in a prompt body, and that script runs in the browser of any other user who invokes the affected prompt command. This allows unauthorized access to, or manipulation of, those users' data.
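To make the rendering flaw concrete, the following added example (not Open WebUI's code, and not its actual fix) contrasts the vulnerable innerHTML assignment with an allow-list sanitizer that keeps only bare formatting tags and escapes everything else. The names sanitizeRichText, renderPrompt and ALLOWED_TAGS are assumptions for the illustration.

```javascript
// Added example, not Open WebUI's code. Names below are assumed for illustration.

// Formatting tags a prompt body may keep. Every attribute is dropped, so event
// handlers (onerror, onclick) and javascript: URLs cannot survive sanitization.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'code', 'pre']);

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
function escapeHtml(text) {
  return text.replace(/[&<>"]/g, (c) => ESCAPES[c]);
}

// Matches one opening or closing tag: group 1 is "/" for a closing tag,
// group 2 is the tag name; attributes (if any) are matched but never copied.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;

function sanitizeRichText(body) {
  let out = '';
  let last = 0;
  for (const m of body.matchAll(TAG_RE)) {
    out += escapeHtml(body.slice(last, m.index));      // text between tags
    const name = m[2].toLowerCase();
    // Allowed tags are re-emitted bare; any other tag becomes visible text.
    out += ALLOWED_TAGS.has(name) ? `<${m[1]}${name}>` : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(body.slice(last));
}

// Vulnerable pattern described in the advisory (do not do this):
//   container.innerHTML = promptBody;
// Hardened: sanitize first, then assign. `container` is any element-like
// object with an innerHTML property (a real DOM element in the browser).
function renderPrompt(container, promptBody) {
  container.innerHTML = sanitizeRichText(promptBody);
  return container.innerHTML;
}

// Constructed sample: a prompt body carrying an event-handler payload.
const sample = { innerHTML: '' };
renderPrompt(sample, '<b onmouseover="run()">Summarize:</b> <img src=x onerror=run()>');
console.log(sample.innerHTML); // <b>Summarize:</b> &lt;img src=x onerror=run()&gt;
```

A hand-written tokenizer like this is only an illustration of the allow-list principle; production code should sanitize rich text with a vetted library (for example DOMPurify) or render untrusted content with textContent instead of innerHTML.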

Potential impact of CVE-2025-64495

  1. Data Breach Risks: The vulnerability facilitates the potential for attackers to execute scripts that could lead to the unauthorized accessing or leaking of sensitive user data. This could have severe implications for data privacy and compliance with regulations.

  2. User Trust Erosion: If users become aware of this vulnerability and its implications, their trust in the security of the Open WebUI platform may be compromised. This could result in decreased user adoption or an exodus of existing users from the platform.

  3. Malicious Payload Execution: Because prompt bodies are not sanitized, an attacker can store a payload that executes in the browser of any user who invokes the affected prompt command, compromising that user's session or data. Such a foothold could be used to spread further malicious activity across the organization.

Affected Version(s)

open-webui < 0.6.35

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

CVE-2025-64495 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-64495 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 📰 First article discovered by wiz.io

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
