CVE-2025-63391.yaml
 1  info:
 2    name: open-webui
 3    cve: CVE-2025-63391
 4    summary: Open-WebUI authentication bypass vulnerability in /api/config endpoint.
 5    details: |
 6      An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint.
 7      The endpoint lacks proper authentication and authorization controls, exposing sensitive system
 8      configuration data to unauthenticated remote attackers.
 9    cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
10    severity: HIGH
11    security_advise: |
12      1. Upgrade Open-WebUI to a version greater than 0.6.32.
13      2. Implement proper authentication and authorization controls for the /api/config endpoint.
14  rule: version <= "0.6.32"
15  references:
16    - https://nvd.nist.gov/vuln/detail/CVE-2025-63391
17    - https://gist.github.com/Cristliu/13c41b97285b776275bc8bfd3504e51b
18    - https://gist.github.com/Cristliu/889471313b3c698fff74d32b7717807c
19    - https://github.com/open-webui/open-webui/issues