CVE-2025-64495

Published Nov 8, 2025

CVSS high 8.7
Open WebUI

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-64495 affects Open WebUI, a self-hosted AI platform, in versions 0.6.34 and below. The vulnerability is a stored, DOM-based Cross-Site Scripting (XSS) issue that arises when the "Insert Prompt as Rich Text" feature is enabled: the application does not sanitize the prompt body when inserting a custom prompt into the chat window, so HTML and script content in the body reaches the DOM unchanged. An attacker with permission to create prompts can store a malicious JavaScript payload that is triggered when other users run the corresponding command to insert the prompt. Successful exploitation could lead to account takeover or even remote code execution. Version 0.6.35 addresses this vulnerability.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is assigned to the DOM sink .innerHTML without sanitisation. Any user with permission to create prompts can abuse this to plant a payload that is triggered for other users when they run the corresponding slash (/) command to insert the prompt. This issue is fixed in version 0.6.35.
Source
security-advisories@github.com
NVD status
Analyzed
Products
open_webui

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending
  1. ❌ An XSS vulnerability (CVE-2025-64495) was discovered in Open WebUI's prompt-saving feature. ❌ Faulty HTML sanitisation allowed malicious code to be injected ❌ The attack allowed reading part of the JWT tokens and even RCE via the Functions module. ❌ The attack required about

    @Sekurak, 25 Nov 2025

  2. 🚨CVE-2025-64495 : Open WebUI Stored DOM XSS Vulnerability Leading to ATO/RCE 🔥POC - https://t.co/e5nv6E2Ge1 👇Dork HUNTER : https://t.co/G5LwnS1fm6="open-webui" https://t.co/e2QJIPPBWl

    @HackingTeam777, 22 Nov 2025

  3. 🚨CVE-2025-64495: Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE CVSS: 8.7 PoC & Advisory: https://t.co/Vy4s9KsSwS FOFA Query: app="Open-WebUI" FOFA Results: 151,305 https://t.co/GWzW4YVzS4

    @DarkWebInformer, 17 Nov 2025

  4. csirt_it: ‼ A #PoC is available for exploiting CVE-2025-64495, which affects the "self-hosted" artificial intelligence platform #OpenWebUI Risk: 🟠 Type: 🔸 Remote Code Execution 🔗 https://t.co/pxMFzT03kn 🔄 Updates d… https://t.co/

    @Vulcanux_, 11 Nov 2025

  5. 🚨 CVE-2025-64495: Stored DOM XSS in Open WebUI (CVSS 8.7) Full advisory + PoC: 👉 https://t.co/u8AJ1kLpbV #CyberSecurity #XSS #Infosec #AppSec #Exploit #BugBounty

    @pentestnews, 10 Nov 2025

  6. 🚨🚨CVE-2025-64495 (CVSS 8.7): Open WebUI suffers from a Stored DOM XSS when "Insert Prompt as Rich Text" is enabled. Unsanitized .innerHTML lets attackers inject payloads via prompts, leading to ATO/RCE. 🔥PoC: https://t.co/Y8j5hMm5J1 Search by vul.cve https://t.co/CPJtHY

    @zoomeye_team, 10 Nov 2025

  7. ⚠️⚠️ CVE-2025-64495 (CVSS 8.7 High): Stored DOM-XSS in Open WebUI ≤ 0.6.34 via "Insert Prompt as Rich Text" may lead to session hijacking or RCE 🔥PoC: https://t.co/VAmNQbITWN 🔗FOFA Link: https://t.co/s6NZRZ1JRq FOFA Query: app="Open-WebUI" #OSINT #FOFA #CyberS

    @fofabot, 10 Nov 2025

  8. 🚨Alert🚨: CVE-2025-64495 : Open WebUI Stored DOM XSS Vulnerability Leading to ATO/RCE 🔥POC : https://t.co/R9cKKA6ZBS 📊1.0M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/tD97gGPaov 👇Query HUNTER : https://t.co/q9rtuGfZuz="open

    @HunterMapping, 10 Nov 2025

  9. CVE-2025-64495: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is ena

    @threatquarters, 8 Nov 2025

  10. CVE-2025-64495 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom… https://t.co/5pfCqYjZLZ

    @CVEnew, 8 Nov 2025

  11. [CVE-2025-64495: HIGH] Cybersecurity alert: Open WebUI versions 0.6.34 and below are vulnerable to DOM XSS. Update to version 0.6.35 to fix this issue and enhance your online security. #cve, CVE-2025-64495, #cybersecurity https://t.co/CrCx7seYSt https://t.co/KKa5FJFTKd

    @CveFindCom, 8 Nov 2025

  12. Certainly! Here's a comprehensive security analysis of CVE-2025-64495: #Cybersecurity #CVE #HighSeverity #SecurityAlert #RemoteCodeExecution #XSS https://t.co/txlPegXh3W

    @CveTodo, 8 Nov 2025

Configurations