What's Happening?
A significant security vulnerability has been identified in Open WebUI, a platform used for connecting to AI model servers. The flaw, tracked as CVE-2025-64496, was discovered by Cato Networks researchers
and affects versions 0.6.34 and older when the Direct Connections feature is enabled. This vulnerability, rated 7.3 out of 10 in severity, allows malicious servers to execute JavaScript code in a user's browser, potentially leading to account takeovers and server compromises. The flaw arises from a trust failure between untrusted model servers and the user's browser session, enabling attackers to steal authentication tokens. These tokens can then be used to access the victim's Open WebUI account, exposing chat histories, uploaded files, and sensitive credentials. The issue was reported in October 2025 and publicly disclosed in November 2025 after a patch was validated.
Why It's Important?
The discovery of this vulnerability highlights the critical need for robust security measures in AI and tech platforms. With the increasing reliance on AI for various applications, such vulnerabilities pose significant risks to data integrity and user privacy. Organizations using Open WebUI must update to version 0.6.35 or newer to mitigate these risks. The incident underscores the importance of secure authentication practices and the need for organizations to restrict access to sensitive resources. Failure to address such vulnerabilities could lead to severe data breaches, affecting businesses and individuals relying on AI technologies.
What's Next?
Organizations using Open WebUI are advised to upgrade to the latest version to protect against this vulnerability. Additionally, they should implement stronger authentication protocols and limit access to critical resources. As AI technology continues to evolve, ongoing vigilance and proactive security measures will be essential to safeguard against similar threats. The tech community may also see increased collaboration to enhance security standards across AI platforms.
