SecuriTricks - CVE-2025-65958

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37.

Product(s) Impacted

Vendor	Product	Versions
Openwebui	Openwebui	<0.6.37

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	openwebui	openwebui	<0.6.37	/	/	/	/	/	/	/

References

https://github.com/open-webui/open-webui/commit/02238d3113e966c353fce18f1b65117380896774

https://github.com/open-webui/open-webui/security/advisories/GHSA-c6xv-rcvw-v685

CVSS Score

8.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

View Vector String

Timeline

Published: Dec. 4, 2025, 8:16 p.m.
Last Modified: Dec. 4, 2025, 8:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVE-2025-65958