CVE-2025-64496 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...