This WebUI vulnerability permits distant code execution - here is find out how to keep protected

[ad_1]

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection featuresExploitation might allow account takeover and RCE through malicious mannequin URLs and Capabilities API chainingPatch v0.6.35 provides middleware protections; customers urged to limit Direct Connections and monitor device permissions Open WebUI, an open-source, self-hosted internet interface for interacting with native or distant AI language fashions, carried a high-severity vulnerability that enabled account takeover and, in some circumstances, distant code execution (RCE), as properly.

That is in keeping with Cato CTRL Senior Safety Researcher Vitaly Simonovich who, in October 2025, disclosed a vulnerability that's now tracked as CVE-2025-64496.

This bug, which was given a severity rating of 8.0/10 (excessive), is described as a code injection flaw within the Direct Connection options, which permits risk actors to run arbitrary JavaScript in browsers through Server-Despatched Occasion (SSE) execute occasions.

Chances are you'll like

Customers invited to patch Direct Connections lets customers join the interface on to exterior, OpenAI-compatible mannequin servers by specifying a customized API endpoint.

By abusing the flaw, risk actors can steal tokens and fully take over compromised accounts. They, in flip, will be chained with the Capabilities API, resulting in distant code execution on the backend server.

The silver lining, in keeping with NVD, is that the sufferer must first allow Direct Connections, which is disabled by default, and add the attacker’s malicious mannequin URL. The latter, nonetheless, will be achieved comparatively simply via social engineering.

Affected variations embrace v.0.6.34, and earlier, and customers are suggested to patch to model 0.6.35, or newer. Cato mentioned the repair provides middleware to dam the execution of SSEs from Direct Connection servers.

Signal as much as the TechRadar Professional publication to get all the highest information, opinion, options and steerage your enterprise must succeed!

Moreover, the researchers additionally mentioned customers ought to deal with connections to exterior AI servers like third-party code, and with that in thoughts, ought to restrict Direct Connections solely to correctly vetted providers.

Lastly, customers also needs to restrict the workspace.instruments permissions to important customers solely and hold tabs on any suspicious device creations. “This can be a typical belief boundary failure between untrusted mannequin servers and a trusted browser context,” Cato concluded.

<img alt="Best antivirus software header" srcset="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j-140-80.png 140w" sizes="99vw" class="person__avatar image-wrapped__image image__image" loading="lazy" data-normal="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" src="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" data-pin-media="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" data-pin-nopin="true" data-slice-image="true"/> One of the best antivirus for all budgets

Our high picks, based mostly on real-world testing and comparisons Comply with TechRadar on Google Information and add us as a most well-liked supply to get our skilled information, critiques, and opinion in your feeds. Be certain to click on the Comply with button!

And naturally you may as well comply with TechRadar on TikTok for information, critiques, unboxings in video type, and get common updates from us on WhatsApp too.