CVE-2025-12487
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on oobabooga text-generation-webui installations without authentication. Attackers can exploit the trust_remote_code parameter in the join endpoint to load malicious models and gain code execution. All users running vulnerable versions of text-generation-webui are affected.
💻 Affected Systems
- oobabooga/text-generation-webui
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining service account privileges, potentially leading to data theft, lateral movement, or ransomware deployment.
Likely Case
Remote code execution leading to unauthorized access, data exfiltration, or cryptocurrency mining on affected systems.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only affecting the isolated service.
🎯 Exploit Status
ZDI has confirmed the vulnerability and exploitation appears straightforward based on the description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit b5a6904c4ac4049823396090360b6f566f4e4603 or later
Vendor Advisory: https://github.com/oobabooga/text-generation-webui/commit/b5a6904c4ac4049823396090360b6f566f4e4603
Restart Required: Yes
Instructions:
1. Update to latest version: git pull origin main
2. Restart the text-generation-webui service
3. Verify the fix by checking the commit hash includes b5a6904c4ac4049823396090360b6f566f4e4603
🔧 Temporary Workarounds
Disable join endpoint
allRemove or disable the vulnerable join endpoint if not required
Modify server configuration to disable the /join endpoint
Network isolation
linuxRestrict network access to text-generation-webui instances
iptables -A INPUT -p tcp --dport [PORT] -j DROP
Use firewall rules to limit access to trusted IPs only
🧯 If You Can't Patch
- Immediately isolate affected systems from internet and untrusted networks
- Implement strict network access controls and monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check if your installation is using a commit prior to b5a6904c4ac4049823396090360b6f566f4e4603Check Version:
git log --oneline -1Verify Fix Applied:
Verify the commit hash includes b5a6904c4ac4049823396090360b6f566f4e4603 or later📡 Detection & Monitoring
Log Indicators:
- Unusual model loading requests
- Suspicious trust_remote_code parameter values
- Unexpected process execution from text-generation-webui
Network Indicators:
- HTTP requests to /join endpoint with trust_remote_code parameter
- Outbound connections from text-generation-webui to unexpected destinations
SIEM Query:
source="text-generation-webui" AND (uri_path="/join" OR parameter="trust_remote_code")