CVE-2025-64496

Exploit

EPSS 0.15%
Veröffentlicht 08.11.2025 01:29:02
Zuletzt bearbeitet 26.11.2025 15:36:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. This issue is fixed in version 0.6.35.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 4 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openwebui ≫ Open Webui Version < 0.6.35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.348

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-501 Trust Boundary Violation

The product mixes trusted and untrusted data in the same data structure or structured message.

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

CWE-830 Inclusion of Web Functionality from an Untrusted Source

The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx

Third Party Advisory

Exploit

https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-64496

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64496

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64496

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64496