Lucene search

5 matches found

CVE
added 2025/11/08 1:29 a.m., 40 views

CVE-2025-64496

CVE-2025-64496 Open WebUI : A code injection vulnerability in the Direct Connections feature (v0.6.224 and earlier) allows external model servers to push SSE events that execute arbitrary JavaScript in victim browsers, leading to token theft, account takeover, and potential backend RCE when combi...

CVSS: 8, AI score: 8.5, EPSS: 0.00121
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/11/08 1:29 a.m., 19 views

CVE-2025-64496 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS: 7.3, EPSS: 0.00121
Exploits: 1, References: 2
OSV
added 2025/11/08 1:29 a.m., 3 views

CVE-2025-64496 Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers vi...

CVSS: 7.3, AI score: 8.9, EPSS: 0.00121
Exploits: 1, References: 4
CVE
added 2025/11/08 1:25 a.m., 41 views

CVE-2025-64495

Open WebUI (self-hosted offline AI platform) is affected by a Stored DOM XSS in RichTextInput when the “Insert Prompt as Rich Text” option is enabled. In versions 0.6.34 and earlier, the prompt body is parsed with marked.parse and then assigned to a temporary div’s innerHTML without sanitisation,...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00011
Exploits: 2, References: 3, Affected Software: 1
OSV
added 2025/11/08 1:25 a.m., 3 views

CVE-2025-64495 Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. In versions 0.6.34 and below, the functionality that inserts custom prompts into the chat window is vulnerable to DOM XSS when 'Insert Prompt as Rich Text' is enabled, since the prompt body is...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00011
Exploits: 2, References: 5