SB2026042439 - Multiple vulnerabilities in Open WebUI

Published: April 24, 2026
Updated: May 11, 2026

Security Bulletin ID: SB2026042439
CSH Severity: Medium
Patch available: Yes
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2025-65959)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary JavaScript code and steal session tokens.

The vulnerability exists due to cross-site scripting in the Notes PDF download functionality in src/lib/components/notes/utils.ts downloadPdf() when processing imported markdown content during PDF generation. A remote user can import or share a specially crafted markdown file containing malicious SVG tags to execute arbitrary JavaScript code and steal session tokens.

User interaction is required when the victim downloads the note as a PDF.
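The bulletin names the cause (HTML rendered from imported markdown reaching the PDF renderer unsanitized) but not the defensive pattern. The following is an added Python example, not Open WebUI's code and not the TypeScript fix applied in src/lib/components/notes/utils.ts: an allowlist sanitizer that rebuilds the rendered HTML from permitted elements only, so that <svg> and <script> elements, on* event-handler attributes and javascript: URLs never reach the renderer. The element and attribute allowlists are assumptions chosen for a notes renderer, and the sample input is constructed.

```python
"""Allowlist sanitizer for HTML rendered from markdown (illustrative example,
not Open WebUI's code). The element and attribute allowlists are assumptions
chosen for a note renderer; anything not listed is dropped."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {
    "p", "br", "hr", "strong", "em", "b", "i", "u", "s", "code", "pre",
    "blockquote", "ul", "ol", "li", "h1", "h2", "h3", "h4", "h5", "h6",
    "a", "img", "table", "thead", "tbody", "tr", "th", "td", "span",
}
ALLOWED_ATTRS = {                      # per-element attribute allowlist
    "a": {"href", "title"},
    "img": {"src", "alt", "title", "width", "height"},
    "td": {"colspan", "rowspan"},
    "th": {"colspan", "rowspan"},
}
SAFE_URL_SCHEMES = {"http", "https", "mailto"}
# HTML void elements: they have no closing tag and cannot contain content, so
# a disallowed one (<embed>, <input>, <link>, ...) is dropped on its own.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


def is_safe_url(value):
    """Allow relative URLs and an explicit scheme allowlist; reject javascript:, data:, ..."""
    if value is None:
        return True
    # urlsplit strips ASCII tab/newline and lowercases the scheme, which
    # defeats "java\nscript:" and "JaVaScRiPt:" spellings.
    scheme = urlsplit(value.strip()).scheme
    return scheme == "" or scheme in SAFE_URL_SCHEMES


class MarkdownHtmlSanitizer(HTMLParser):
    """Rebuilds the document from allowed elements only.

    A disallowed element such as <svg> or <script> is removed together with
    everything it contains. The parser fails closed: an unclosed <svg> drops
    the remainder of the input rather than letting it through.
    """

    def __init__(self):
        super().__init__()             # convert_charrefs=True: entities arrive decoded
        self.out = []
        self.skip_depth = 0            # > 0 while inside a dropped element
        self.dropped = []              # names of removed elements, for logging/audit

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            if tag not in VOID_TAGS:
                self.skip_depth = 1
            return
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name.startswith("on"):                      # onload, onerror, onclick ...
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in ("href", "src") and not is_safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.skip_depth:
            self.skip_depth -= 1
            return
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))     # re-escape decoded text

    # Comments, doctype and processing instructions carry nothing a note needs.
    def handle_comment(self, data):
        pass

    def handle_decl(self, decl):
        pass

    def handle_pi(self, data):
        pass


def sanitize_markdown_html(html_text):
    """Return (sanitized HTML, list of element names that were removed)."""
    parser = MarkdownHtmlSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.dropped


if __name__ == "__main__":
    # Constructed sample resembling a malicious imported note: markdown
    # renderers commonly pass raw HTML such as <svg> through unchanged.
    sample = '<h1>Notes</h1><p>Hi <svg onload="alert(document.cookie)"><circle/></svg>there</p>'
    clean, dropped = sanitize_markdown_html(sample)
    print(clean)       # <h1>Notes</h1><p>Hi there</p>
    print(dropped)     # ['svg']
```

Allowlisting (keep only what is known to be safe) rather than blocklisting SVG specifically is the point: the PDF step renders whatever HTML it is handed, so the check has to sit between the markdown renderer and that step, and the returned list of dropped elements is a useful detection hook, since a note that sheds <svg> or <script> elements on import is worth logging.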


2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-65958)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to access internal services and disclose sensitive information.

The vulnerability exists due to server-side request forgery (SSRF) in /api/v1/retrieval/process/web when processing a user-supplied URL. A remote user can send a specially crafted request containing an arbitrary URL to access internal services and disclose sensitive information.

No special permissions beyond basic authentication are required, and cloud metadata endpoints may be reachable in affected deployments.
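As an added Python example, not Open WebUI's code, the validation a server-side fetch endpoint such as /api/v1/retrieval/process/web needs before requesting a user-supplied URL: it rejects non-HTTP schemes and embedded credentials, resolves host names, and refuses any URL whose address set contains a private, loopback, link-local (where cloud metadata services answer) or otherwise non-public address. The blocklisted host names, the DNS table and `fake_resolver` are constructed for the example; in production the default `socket.getaddrinfo` is used.

```python
"""Outbound-URL validation for a server-side web-fetch endpoint (illustrative
example, not Open WebUI's code). The blocklisted host names and the sample
DNS table are assumptions constructed for this example."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Names that must never be fetched on the server's behalf regardless of what
# they resolve to (assumption: extend per deployment).
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


class UnsafeUrl(ValueError):
    """The URL must not be fetched by the server."""


def is_public_address(ip_text):
    """True only for addresses routable on the public internet."""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:127.0.0.1 and similar are judged as the IPv4 address they wrap.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private        # RFC 1918, 169.254.0.0/16 (cloud metadata), fc00::/7 ...
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def validate_fetch_url(url, resolver=socket.getaddrinfo):
    """Return the set of IP addresses the fetcher may connect to, or raise UnsafeUrl.

    `resolver` has the signature of socket.getaddrinfo and is injectable so the
    check can run offline. The caller must connect to one of the returned
    addresses and re-run this check on every redirect; resolving the name a
    second time at connect time would reopen the DNS-rebinding window.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeUrl(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeUrl("URL has no host")
    if host.lower().rstrip(".") in BLOCKED_HOSTNAMES:
        raise UnsafeUrl(f"host name is blocklisted: {host}")
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError as exc:
        raise UnsafeUrl(f"invalid port in {url!r}") from exc

    try:
        # A literal address in the URL needs no lookup.
        candidates = {str(ipaddress.ip_address(host))}
    except ValueError:
        # A host name: every address it maps to must pass, since the fetcher
        # may connect to any of them.
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            raise UnsafeUrl(f"cannot resolve {host}") from exc
        candidates = {info[4][0] for info in infos}
    if not candidates:
        raise UnsafeUrl(f"no addresses for {host}")
    for ip_text in candidates:
        if not is_public_address(ip_text):
            raise UnsafeUrl(f"{host} maps to non-public address {ip_text}")
    return candidates


def is_fetch_allowed(url, resolver=socket.getaddrinfo):
    """Boolean convenience wrapper around validate_fetch_url."""
    try:
        validate_fetch_url(url, resolver=resolver)
        return True
    except UnsafeUrl:
        return False


# Constructed DNS table so the example runs without network access.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.corp.test": ["10.1.2.3"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],   # one public, one loopback
}


def fake_resolver(host, port, proto=socket.IPPROTO_TCP):
    """getaddrinfo stand-in backed by FAKE_DNS (test fixture, not real DNS)."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed lookup failure for {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
            for ip in FAKE_DNS[host]]


if __name__ == "__main__":
    for candidate in ("https://example.com/page", "http://169.254.169.254/latest/meta-data/",
                      "http://rebind.test/", "file:///etc/passwd"):
        print(f"{candidate:45} allowed={is_fetch_allowed(candidate, resolver=fake_resolver)}")
```

Two caveats a practitioner should carry over into a real fetcher: the HTTP client must not follow redirects on its own (each hop is a new URL that needs the same check), and the validated address, not the host name, is what should be dialled. Egress network policy on the container or host is the defence in depth for the case where the application check is bypassed.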


Remediation

Install the update from the vendor's website.