0.3.9
CVE-2024-7959 describes a Server-Side Request Forgery (SSRF) vulnerability found in open-webui, a Python-based web UI, versions up to 0.3.8. This flaw allows attackers to redirect requests through the /openai/models endpoint, potentially exposing internal resources and leading to command execution. The vulnerability was published on 2025-03-20, and mitigation involves upgrading to a patched version or implementing temporary workarounds.
The SSRF vulnerability in open-webui allows an attacker to control the URL used by the /openai/models endpoint. By manipulating this URL, an attacker can force the application to make requests to arbitrary internal or external resources. This could expose sensitive data stored within the internal network, such as database credentials or API keys. More critically, an attacker could potentially access instance secrets, leading to command execution on the server hosting open-webui. This represents a significant escalation of risk, potentially allowing for complete system compromise. The ability to redirect requests to internal services without proper validation makes this a particularly dangerous vulnerability.
CVE-2024-7959 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely known at this time. The vulnerability's severity is considered HIGH due to the potential for command execution. The published date of 2025-03-20 indicates recent disclosure, and active exploitation is possible, though not confirmed.
Exploit Status
EPSS
0.36% (58% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-7959 is to upgrade open-webui to a version that addresses the SSRF vulnerability. Unfortunately, a fixed version is not explicitly mentioned in the provided data. As a temporary workaround, implement a Web Application Firewall (WAF) rule to restrict outbound requests from the /openai/models endpoint to only trusted OpenAI domains. Additionally, carefully review and restrict access to any internal services that might be exposed by this vulnerability. Consider implementing stricter network segmentation to limit the blast radius of a potential compromise. After upgrading (or implementing WAF rules), verify the mitigation by attempting to access an internal resource through the /openai/models endpoint; the request should be blocked or redirected to the intended OpenAI domain.
Update open-webui to a version later than 0.3.8 that fixes the SSRF vulnerability. Refer to the release notes or changelog for more details about the fix. As a temporary measure, restrict access to the instance and monitor outgoing requests.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-7959 is a Server-Side Request Forgery vulnerability in open-webui versions up to 0.3.8, allowing attackers to redirect requests and potentially gain command execution.
You are affected if you are using open-webui version 0.3.8 or earlier. Assess your deployment and implement mitigation strategies immediately.
Upgrade to a patched version of open-webui. If a patch is unavailable, implement a WAF rule to restrict outbound requests from the /openai/models endpoint.
Active exploitation is not confirmed, but the vulnerability's severity suggests it is a potential target for attackers.
Refer to the open-webui project's official repository and communication channels for updates and advisories related to CVE-2024-7959.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.