Code Injection Vulnerability in Open WebUI AI Platform
CVE-2025-64496

7.3 HIGH

Key Information:

Vendor: Open-webui
CVE Published: 8 November 2025

Badges

👾 Exploit Exists, 📰 News Worthy

What is CVE-2025-64496?

Open WebUI, a self-hosted AI platform, contains a code injection vulnerability in its Direct Connections feature. In versions up to 0.6.224, a malicious external model server can run arbitrary JavaScript in the victim's browser via the Server-Sent Events (SSE) stream it returns. An attacker can use this to steal authentication tokens, which can lead to complete account takeover. Combined with the Functions API, the flaw can also enable remote code execution on the backend server. Exploitation requires that a user has enabled Direct Connections (disabled by default) and has added a malicious model URL, which could be induced by social engineering aimed at administrators and users. The vulnerability is fixed in version 0.6.35.

Affected Version(s)

open-webui < 0.6.35

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist
  • 📰 First article discovered by WebProNews
  • Vulnerability published
  • Vulnerability Reserved