CVE-2025-64496HIGH 8.0EPSS p93.8%

CVE-2025-64496CVE-2025-64496

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This leads to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker's malicious model URL, achievable through social engineering of the admin and subsequent users. This issue is fixed in version 0.6.35.

Scoring

CVSS 3.18.0 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS7.60% probability of exploitation · percentile 93.8% · 2026-06-18T12:00:27Z
Published2025-11-08
Last modified2025-11-26

Underlying weaknesses· 4

CWE-95CWE-501CWE-829CWE-830

References

  1. https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca
  2. https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx
  3. https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx

4

TypeTargetConfidenceTier
WeaknessTrust Boundary Violationcwe-5010%live
WeaknessInclusion of Functionality from Untrusted Control Spherecwe-8290%live
WeaknessInclusion of Web Functionality from an Untrusted Sourcecwe-8300%live
WeaknessImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')cwe-950%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-45672
CVE
CVE-2026-45400
CVE
CVE-2026-45401
CVE
CVE-2026-45402
CVE
CVE-2026-45301
CVE
CVE-2026-44549
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.