SB2026042438 - Multiple vulnerabilities in Open WebUI

Published: April 24, 2026

Security Bulletin ID: SB2026042438
CSH Severity: Low
Patch available: Yes
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity: Low 100%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2025-64495)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary script in a victim's browser.

The vulnerability exists due to cross-site scripting in the RichTextInput.svelte prompt insertion functionality when processing prompt content as rich text. A remote user can create a crafted prompt and have a victim run the corresponding slash command to execute arbitrary script in a victim's browser.

The issue is exploitable only when the victim has enabled the 'Insert Prompt as Rich Text' setting, and exploitation requires user interaction to run the corresponding prompt command.


2) Eval Injection (CVE-ID: CVE-2025-64496)

CWE-ID: CWE-95 - Eval Injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary JavaScript in the victim's browser.

The vulnerability exists due to improper neutralization of directives in dynamically evaluated code in the frontend SSE event handler when processing Server-Sent Events from an external model server through Direct Connections. A remote user can send a specially crafted SSE execute event to execute arbitrary JavaScript in the victim's browser.

User interaction is required, and exploitation requires Direct Connections to be enabled and the victim to add the attacker's external model URL.
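The defensive pattern for the second issue is to treat events from an external model server as data and route them only through a fixed set of handlers, so that no event type can cause a string from the stream to be evaluated. The following is an added illustration written for this bulletin; it is not Open WebUI's code and does not reproduce its SSE handler. The SSE parser, the HANDLERS table, the dispatchSse function and the SAMPLE_STREAM are all constructed for the example.

```javascript
// Added example (not Open WebUI code): parse a Server-Sent Events stream from
// an external model server and dispatch each event only through an allowlist
// of handlers. Whatever a remote server puts in an "execute" event is logged
// and dropped, never evaluated.

// Parse raw SSE text (blank-line separated blocks) into {event, data} objects.
// Multi-line "data:" fields are joined with "\n"; lines beginning with ":" are
// comments and are ignored; blocks without data produce no event.
function parseSse(text) {
  const events = [];
  for (const block of text.split(/\r?\n\r?\n/)) {
    let event = 'message';
    const data = [];
    for (const line of block.split(/\r?\n/)) {
      if (line === '' || line.startsWith(':')) continue;
      const idx = line.indexOf(':');
      const field = idx === -1 ? line : line.slice(0, idx);
      let value = idx === -1 ? '' : line.slice(idx + 1);
      if (value.startsWith(' ')) value = value.slice(1); // one leading space is separator
      if (field === 'event') event = value;
      else if (field === 'data') data.push(value);
      // "id", "retry" and unknown fields are ignored in this example
    }
    if (data.length > 0) events.push({ event, data: data.join('\n') });
  }
  return events;
}

// Allowlisted handlers (hypothetical names). Each receives the data string and
// updates a chat state object. None of them calls eval() or new Function().
const HANDLERS = {
  message: (state, data) => { state.text += data; },
  done: (state) => { state.done = true; },
};

// Dispatch parsed events. The own-property check means event names such as
// "constructor" or "__proto__" cannot reach Object.prototype members, and any
// unknown type (including "execute") is recorded and discarded.
function dispatchSse(text, state = { text: '', done: false, rejected: [] }) {
  for (const ev of parseSse(text)) {
    const handler = Object.prototype.hasOwnProperty.call(HANDLERS, ev.event)
      ? HANDLERS[ev.event]
      : null;
    if (handler) handler(state, ev.data);
    else state.rejected.push(ev.event);
  }
  return state;
}

// Constructed sample stream: a two-chunk reply, an "execute" event of the kind
// a hostile model server might emit, and a terminating "done" event.
const SAMPLE_STREAM = [
  'event: message',
  'data: Hello',
  '',
  'data:  world',
  '',
  'event: execute',
  'data: {"code":"console.log(\'this must never run\')"}',
  '',
  'event: done',
  'data: {}',
  '',
].join('\n');

console.log(dispatchSse(SAMPLE_STREAM));
// { text: 'Hello world', done: true, rejected: [ 'execute' ] }
```

Running the block shows the reply text assembled from the two message events while the "execute" event ends up in the rejected list; a client built this way can surface rejected event types in its logs as a detection signal for a misbehaving model endpoint.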


Remediation

Install the update from the vendor's website.