What's Happening?
Security researchers have identified a high-severity vulnerability in Open WebUI, a self-hosted enterprise interface for large language models. The flaw, tracked as CVE-2025-64496, is linked to the unsafe handling of server-sent events (SSE) in the platform's Direct Connections feature. This vulnerability allows external model servers to inject malicious code, potentially leading to account takeovers and remote code execution on backend servers. The issue arises when users connect Open WebUI to an attacker-controlled model endpoint, which can execute injected JavaScript to steal JSON Web Tokens (JWTs) and gain persistent access to AI workspaces. The flaw has been rated with a high severity score by both NVD and GitHub, and a patch has been released in Open WebUI v0.6.35 to block 'execute' SSE events from Direct Connections.
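The mitigation described above, sketched as an added example that is not Open WebUI's code: a client-side filter that parses a server-sent event stream and, for an untrusted Direct Connection, delivers only allowlisted event types, so an 'execute' event never reaches the UI. It assumes the event type travels in the standard SSE `event:` field and uses an allowlist, which is stricter than blocking 'execute' alone; `parseSse`, `filterEvents`, `DIRECT_ALLOWED` and the sample stream are hypothetical.

```javascript
// Added example: names and the wire format are assumptions, not Open WebUI code.
const DIRECT_ALLOWED = new Set(["message"]); // assumed allowlist for untrusted servers

// Parse a text/event-stream body into {event, data} records (WHATWG SSE framing).
function parseSse(body) {
  const records = [];
  for (const block of body.replace(/\r\n?/g, "\n").split(/\n\n+/)) {
    let event = "message"; // default type when no event: field is present
    const data = [];
    for (const line of block.split("\n")) {
      if (line === "" || line.startsWith(":")) continue; // blank or comment line
      const i = line.indexOf(":");
      const field = i === -1 ? line : line.slice(0, i);
      let value = i === -1 ? "" : line.slice(i + 1);
      if (value.startsWith(" ")) value = value.slice(1); // strip one leading space
      if (field === "event") event = value || "message";
      else if (field === "data") data.push(value);
    }
    if (data.length > 0) records.push({ event, data: data.join("\n") });
  }
  return records;
}

// Split events from one source into those safe to hand to the UI and those dropped.
function filterEvents(body, { direct }) {
  const delivered = [];
  const blocked = [];
  for (const rec of parseSse(body)) {
    // Direct (untrusted) sources are allowlisted; exact match only, no normalising.
    if (direct && !DIRECT_ALLOWED.has(rec.event)) blocked.push(rec);
    else delivered.push(rec);
  }
  return { delivered, blocked };
}

// Constructed sample stream from a hypothetical external model server.
const SAMPLE = [
  'data: {"delta":"Hello"}', "", ": keep-alive", "",
  "event: execute", 'data: {"code":"PLACEHOLDER"}', "",
  "event: Execute ", "data: x", "",
  "data: [DONE]", "",
].join("\n");

const result = filterEvents(SAMPLE, { direct: true });
console.log(result.delivered.length, "delivered;", result.blocked.map((r) => r.event));
```

Because the check is an exact-match allowlist, the case and trailing-space variant in the sample is dropped along with the plain `execute` event, and blocked records can be logged when reviewing a connection for signs of compromise.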
Why It's Important?
The discovery of this vulnerability in Open WebUI highlights significant security risks for enterprises using large language models. The ability for attackers to inject malicious code and hijack AI workloads poses a threat to data integrity and confidentiality. Organizations relying on Open WebUI for AI operations could face unauthorized access to sensitive information, leading to potential data breaches and financial losses. The flaw underscores the importance of robust security measures in AI platforms, especially as enterprises increasingly integrate AI into their operations. The incident also serves as a reminder for organizations to keep their software updated to mitigate such vulnerabilities.
What's Next?
Organizations using Open WebUI are advised to update to the latest version to mitigate the vulnerability. Security teams should review their systems for any signs of compromise and ensure that Direct Connections are only established with trusted model servers. The incident may prompt further scrutiny of AI platform security, leading to enhanced security protocols and practices. Additionally, enterprises might consider conducting regular security audits and training employees on safe connection practices to prevent similar vulnerabilities from being exploited in the future.








