Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'
CVE-2025-65959

8.7HIGH

Key Information:

Vendor: Open-webui
Status: Open-webui
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-65959?

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.

Affected Version(s)

open-webui < 0.6.37

References

https://github.com/open-webui/open-webui/security/advisor...

x_refsource_CONFIRM

https://github.com/open-webui/open-webui/commit/03cc6ce8e...

x_refsource_MISC

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Nov 18, 2025

JSON

Open-webui

What is CVE-2025-65959?

Affected Version(s)

References

CVSS V3.1

Timeline