Open WebUI Direct Connections account takeover flaw (CVE-2025-64496)
Vulnerability
Summary
Open WebUI Direct Connections contains CVE-2025-64496, a flaw that lets a malicious external model server execute JavaScript in the user's browser and steal authentication tokens, creating an account takeover risk for affected users. The issue affects Open WebUI 0.6.34 and older when Direct Connections is enabled; Open WebUI 0.6.35 and later block the malicious execute events. For users with elevated permissions, the same weakness can escalate to remote code execution.
Timeline
- 06.01.2026 17:30
Open WebUI discloses CVE-2025-64496 in Direct Connections
Initial Disclosure: Cato Networks researchers identified CVE-2025-64496 in Open WebUI's Direct Connections feature, where a malicious external model server could trigger browser-side JavaScript execution and steal authentication tokens, leading to account takeover and, for users with elevated permissions, possible remote code execution. The issue was reported to Open WebUI maintainers in October 2025 and publicly disclosed on November 7, 2025 after patch validation and CVE assignment; Open WebUI 0.6.35 and later block the malicious execute events.
Sources
- High-Severity Flaw in Open WebUI Affects AI Connections — www.infosecurity-magazine.com — 06.01.2026 17:30