CNNVD-202511-854 Information

CNNVD ID

CNNVD-202511-854

Related CVE

CVE-2025-64496

• CNNVD Published: 2025-11-08

Description (Chinese)

Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI 0.6.224及之前版本存在安全漏洞，该漏洞源于Direct Connections功能存在代码注入漏洞，可能导致认证令牌窃取和账户接管。

Description (English)

Open WebUI is an extended, functional, user-friendly, open source of Open WebUI WebUI. Open WebUI 0.6.224 and previous versions had a security loophole, which stemmed from a code-in gap in the Direct Constructions function, which could lead to authentication token theft and account taking.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Open WebUI

Published

2025-11-08

Last Modified

2026-02-24

References

https://github.com/open-webui/open-webui/commit/8af6a4cf21b756a66cd58378a01c60f74c39b7ca https://github.com/open-webui/open-webui/security/advisories/GHSA-cm35-v4vp-5xvx https://access.redhat.com/security/cve/cve-2025-64496

Patch

https://github.com/open-webui/open-webui/releases