CVE-2025-12488
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on oobabooga text-generation-webui installations without authentication. Attackers can exploit the trust_remote_code parameter in the load endpoint to run malicious code with service account privileges. All users running vulnerable versions of text-generation-webui are affected.
💻 Affected Systems
- oobabooga/text-generation-webui
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to install malware, steal data, pivot to other systems, or establish persistent access.
Likely Case
Remote code execution leading to data theft, cryptocurrency mining, or system disruption.
If Mitigated
No impact if proper input validation and access controls are implemented.
🎯 Exploit Status
No authentication required, simple HTTP request exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit b5a6904c4ac4049823396090360b6f566f4e4603
Vendor Advisory: https://github.com/oobabooga/text-generation-webui/commit/b5a6904c4ac4049823396090360b6f566f4e4603
Restart Required: Yes
Instructions:
1. Update to latest version via git pull.
2. Restart the text-generation-webui service.
3. Verify the trust_remote_code parameter is properly validated.
🔧 Temporary Workarounds
Disable load endpoint
all: Remove or restrict access to the vulnerable load endpoint.
Modify webui configuration to disable model loading via API
Network isolation
linux: Restrict network access to text-generation-webui.
iptables -A INPUT -p tcp --dport [webui-port] -j DROP
ufw deny [webui-port]
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the webui
- Run the service with minimal privileges and in isolated containers
🔍 How to Verify
Check if Vulnerable:
Check if your version is prior to commit b5a6904c4ac4049823396090360b6f566f4e4603
Check Version:
git log --oneline -1
Verify Fix Applied:
Verify that your checkout's commit history includes commit b5a6904c4ac4049823396090360b6f566f4e4603
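An added example, not part of the original advisory or the project's own code: `git log --oneline -1` shows only the newest commit, so this function asks git whether the fix commit is in the history of the checked-out HEAD. The function name `check_fix` and its status words are made up for illustration; the commit hash is the one given above.

```shell
#!/bin/sh
# Fix commit named in this advisory.
FIX_COMMIT="b5a6904c4ac4049823396090360b6f566f4e4603"

# check_fix REPO_DIR [COMMIT]   (hypothetical helper name)
# Prints a status word and returns:
#   0 patched     fix commit is HEAD or an ancestor of HEAD
#   1 vulnerable  fix commit exists locally but is not in HEAD's history
#   2 unknown     not a git checkout, or the commit object is missing
#                 locally (stale fetch or shallow clone), so no verdict
check_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "unknown: $repo is not a git checkout"
        return 2
    fi

    # A missing object does not prove the checkout is old: a shallow
    # clone of a patched tree also lacks it. Report it as undecided.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "unknown: commit $commit not present locally"
        return 2
    fi

    # Exit status 0 means COMMIT is reachable from HEAD.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD; then
        echo "patched"
        return 0
    fi

    echo "vulnerable"
    return 1
}

# Stand-alone use: sh check_fix.sh /path/to/text-generation-webui
if [ $# -gt 0 ]; then
    check_fix "$1"
fi
```

An `unknown` result on a shallow clone can be resolved by fetching full history (`git fetch --unshallow`) and running the check again.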
📡 Detection & Monitoring
Log Indicators:
- Unusual model loading requests
- Suspicious trust_remote_code parameter values
- Unexpected process execution
Network Indicators:
- HTTP POST requests to /load endpoint with malicious payloads
SIEM Query:
source="webui.log" AND "trust_remote_code" AND NOT "trust_remote_code=false"