4 matches found
CVE-2025-63681
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...
CVE-2025-63681
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers a normal user to stop arbitrary LLM response tasks...
PT-2025-49046
Name of the Vulnerable Software and Affected Versions open-webui version 0.6.33 Description The software contains a flaw related to access control. The /api/tasks/stop/ API endpoint allows direct access and cancellation of tasks without verifying user ownership. This enables an attacker, even a...
CVE-2025-63681
Open-WebUI CVE-2025-63681 affects v0.6.33. The API endpoint /api/tasks/stop/ allows direct cancellation of tasks without verifying ownership, enabling a normal user to stop arbitrary LLM response tasks (Incorrect Access Control). Base score 4.3 (Medium); attack vector NETWORK, privileges required...