Platform
other
Component
open-webui
Fixed in
0.6.38
CVE-2025-65958 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Open WebUI, a self-hosted offline AI platform. This vulnerability allows authenticated users to manipulate the server into making HTTP requests to arbitrary URLs, potentially exposing sensitive information and internal resources. The vulnerability impacts versions of Open WebUI prior to 0.6.37 and has been resolved in version 0.6.37.
The SSRF vulnerability in Open WebUI poses a significant risk because it allows attackers to bypass security controls and access resources that should be protected. An attacker could leverage this vulnerability to access cloud metadata endpoints (AWS, GCP, Azure), revealing sensitive credentials and configuration data. Internal network scanning becomes possible, enabling reconnaissance and identification of vulnerable internal services. Furthermore, the attacker can potentially exfiltrate sensitive data stored within the Open WebUI instance or accessible through internal services. The impact is amplified by the fact that only basic authentication is required to exploit this flaw, making it accessible to a wide range of attackers.
CVE-2025-65958 was publicly disclosed on December 4, 2025. The vulnerability's ease of exploitation, combined with the potential for significant data exposure, suggests a medium probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the SSRF nature of the vulnerability makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-65958 is to immediately upgrade Open WebUI to version 0.6.37 or later. If upgrading is not immediately feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These may include restricting outbound network access from the Open WebUI server using a firewall or proxy server, allowing only connections to trusted domains. Additionally, implement strict input validation on any user-supplied URLs to prevent malicious redirection. After upgrading, verify the fix by attempting to trigger an SSRF request to an external URL; the request should be blocked or result in an error.
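The advisory's workaround of "strict input validation on any user-supplied URLs" is easy to get wrong, so here is what a complete check looks like. This is an added example written for this page, not Open WebUI's code and not the fix shipped in 0.6.37 (whose details the advisory does not describe). It assumes a deployment-specific hostname allowlist (`ALLOWED_HOSTS`, placeholder names) and, for offline demonstration, constructed DNS answers (`DEMO_DNS`); in production the resolver argument is the real `system_resolver`. The check refuses non-http(s) schemes, URLs with embedded credentials, hosts not on the allowlist, and any allowlisted host that resolves to a loopback, private, link-local or cloud-metadata address, and it returns the validated IP so the fetch can be pinned to it:

```python
"""Egress guard for user-supplied URLs (added example, not Open WebUI code)."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]

# Assumed allowlist for this deployment: placeholder hostnames.
ALLOWED_HOSTS = frozenset({"api.example.com", "models.example.org"})


def system_resolver(host: str) -> List[str]:
    """Every A/AAAA answer for host from the OS resolver (production path)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_address(addr: str) -> bool:
    """True for addresses the server must never be made to contact.

    Covers 127.0.0.0/8 and ::1, RFC 1918 space, 169.254.0.0/16 (where the
    AWS, GCP and Azure metadata endpoint 169.254.169.254 lives), fe80::/10,
    multicast, reserved and unspecified addresses. IPv4-mapped IPv6 is
    unwrapped first so that ::ffff:10.0.0.1 is judged as 10.0.0.1.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str, resolver: Resolver = system_resolver) -> str:
    """Validate url and return the single IP the fetch may connect to.

    Raises ValueError with the reason when the URL must not be fetched.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # "https://api.example.com@169.254.169.254/" puts the trusted name
        # in the userinfo part and the real target after the '@'.
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError("missing host")
    if host not in ALLOWED_HOSTS:
        # Literal IPs ("169.254.169.254", "[::1]") fail here too: they are
        # never on a hostname allowlist.
        raise ValueError(f"host not on allowlist: {host!r}")
    addrs = list(resolver(host))
    if not addrs:
        raise ValueError(f"no address for {host!r}")
    for addr in addrs:
        if is_forbidden_address(addr):
            raise ValueError(f"{host!r} resolves to forbidden address {addr}")
    # Pin to the address just validated: the HTTP client should connect to
    # it directly (sending the hostname as Host header / SNI) so a second
    # lookup at connect time cannot be rebound to an internal IP.
    return addrs[0]


def is_url_permitted(url: str, resolver: Resolver = system_resolver) -> bool:
    """Boolean form of check_outbound_url for policy decisions and tests."""
    try:
        check_outbound_url(url, resolver)
    except ValueError:
        return False
    return True


# Constructed DNS answers for the offline demonstration; not real records.
DEMO_DNS = {
    "api.example.com": ["93.184.216.34"],
    # Allowlisted name whose second record is internal: the rebinding case.
    "models.example.org": ["93.184.216.35", "10.0.0.5"],
}


def demo_resolver(host: str) -> List[str]:
    return DEMO_DNS.get(host, [])


def run_demo() -> Dict[str, bool]:
    """Apply the guard to constructed URLs; maps URL -> permitted."""
    urls = [
        "https://api.example.com/v1/models",          # allowed
        "http://169.254.169.254/",                    # literal metadata IP
        "http://metadata.google.internal/",           # not on the allowlist
        "https://api.example.com@169.254.169.254/",   # userinfo trick
        "https://models.example.org/",                # resolves to 10.0.0.5
        "file:///etc/passwd",                         # wrong scheme
        "http://[::1]:8080/",                         # loopback literal
    ]
    return {u: is_url_permitted(u, demo_resolver) for u in urls}


if __name__ == "__main__":
    for url, ok in run_demo().items():
        print(f"{'ALLOW ' if ok else 'REJECT'} {url}")
```

Two points the guard does not cover on its own: redirects must be followed manually, re-running the check on every `Location` before it is fetched, and the check at the application layer complements rather than replaces the firewall or proxy egress restriction the advisory recommends, since the latter still holds when a code path bypasses the validator.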
Update Open WebUI to version 0.6.37 or higher. This version corrects the SSRF vulnerability that allows authenticated users to make HTTP requests to arbitrary URLs, mitigating the risk of access to cloud metadata, scanning internal networks, and exfiltration of sensitive information.
CVE-2025-65958 is a Server-Side Request Forgery vulnerability in Open WebUI versions prior to 0.6.37, allowing authenticated users to make arbitrary HTTP requests.
You are affected if you are running Open WebUI version 0.6.37 or earlier. Immediately check your version and upgrade if necessary.
Upgrade Open WebUI to version 0.6.37 or later. As a temporary workaround, restrict outbound network access using a firewall or proxy server.
While no active exploitation has been confirmed, the vulnerability's ease of exploitation suggests a potential for exploitation. Monitor security advisories for updates.
Refer to the Open WebUI project's official website and GitHub repository for the latest security advisories and release notes.