CVE-2025-62364
📋 TL;DR
This Local File Inclusion vulnerability in text-generation-webui allows unauthenticated attackers to read arbitrary files on the server by uploading symbolic links through the character picture upload feature. Anyone running text-generation-webui versions 3.13 or earlier is affected. The vulnerability exposes sensitive server files including configurations and credentials.
💻 Affected Systems
- text-generation-webui
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via credential theft from configuration files, SSH keys, or database credentials leading to lateral movement and data exfiltration.
Likely Case
Exposure of sensitive configuration files, API keys, and environment variables stored on the server.
If Mitigated
Limited impact if server runs with minimal privileges and sensitive files have restrictive permissions.
🎯 Exploit Status
Attack requires ability to upload files but no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.14
Vendor Advisory: https://github.com/oobabooga/text-generation-webui/security/advisories/GHSA-66rw-q8w5-c2hg
Restart Required: No
Instructions:
1. Backup your configuration and models. 2. Update to version 3.14 using: git pull. 3. Verify the fix by checking version.
🔧 Temporary Workarounds
Disable character uploads
allDisable the character picture upload feature entirely
Modify configuration to disable character uploads or remove upload functionality
🧯 If You Can't Patch
- Implement strict file upload validation to reject symbolic links
- Run application with minimal privileges and restrict access to sensitive directories
🔍 How to Verify
Check if Vulnerable:
Check if running version 3.13 or earlier: python server.py --versionCheck Version:
python server.py --versionVerify Fix Applied:
Confirm version is 3.14 or later and test upload functionality with symbolic links📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from web interface
- Multiple failed upload attempts with unusual file types
Network Indicators:
- Requests to character upload endpoint with unusual file extensions
SIEM Query:
source=web_logs AND (uri_path="/upload/character" OR uri_path LIKE "%/character/upload%") AND (file_extension=".txt" OR file_extension=".lnk")