What's Happening?
A significant security vulnerability has been identified in Open WebUI, a platform used for connecting to AI model servers. The flaw, designated as CVE-2025-64496, affects versions 0.6.34 and older when
the Direct Connections feature is enabled. This vulnerability, discovered by Cato Networks researchers, has a severity rating of 7.3 out of 10. It allows malicious servers to exploit a trust failure between untrusted model servers and the user's browser session. By sending crafted server-sent events messages, attackers can execute JavaScript code in the browser, leading to the theft of authentication tokens stored in localStorage. These tokens can then be used to gain full access to the victim's Open WebUI account, exposing chat histories, uploaded documents, and API keys. The vulnerability was reported in October 2025 and publicly disclosed in November 2025 after a patch was validated.
Why It's Important?
The discovery of this vulnerability is critical as it highlights potential security risks in AI integration platforms like Open WebUI. The ability for attackers to hijack user accounts and access sensitive information poses a significant threat to organizations relying on these systems for AI workflows. The exposure of authentication tokens and sensitive data could lead to unauthorized access and data breaches, impacting user privacy and organizational security. This incident underscores the importance of robust security measures in AI and API integrations, as well as the need for timely updates and patches to mitigate such vulnerabilities.
What's Next?
Open WebUI has released a patch in version 0.6.35 to address the vulnerability by blocking malicious execute events. Organizations using Open WebUI are advised to update to the latest version to protect against this flaw. Additionally, Cato Networks recommends strengthening authentication processes, enhancing sandbox extensibility, and restricting access to specific resources to further safeguard against potential exploits. As AI technologies continue to evolve, ongoing vigilance and proactive security measures will be essential to protect against emerging threats.
