CVE-2025-65958

8.5 HIGH

📋 TL;DR

Open WebUI versions before 0.6.37 contain a Server-Side Request Forgery (SSRF) vulnerability that allows any authenticated user to make the server send HTTP requests to arbitrary internal or external URLs. This can lead to unauthorized access to cloud metadata, internal network services, and sensitive data exfiltration. All Open WebUI instances running vulnerable versions with authenticated users are affected.

💻 Affected Systems

Products:
  • Open WebUI
Versions: All versions prior to 0.6.37
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; no special permissions needed beyond basic authentication.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of cloud infrastructure via metadata endpoints, lateral movement through internal networks, data exfiltration from internal services, and potential credential theft leading to full environment takeover.

🟠 Likely Case

Unauthorized access to internal services, cloud metadata harvesting, network reconnaissance, and potential data leakage from systems accessible to the Open WebUI server.

🟢 If Mitigated

Limited impact if network segmentation restricts server access, but still potential for information disclosure from accessible services.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SSRF vulnerabilities are commonly exploited; authenticated access required but no special privileges needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.37

Vendor Advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-c6xv-rcvw-v685

Restart Required: Yes

Instructions:

1. Back up your Open WebUI configuration and data.
2. Update Open WebUI to version 0.6.37 or later using your deployment method (Docker, manual install, etc.).
3. Restart the Open WebUI service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

Platforms: all

Restrict Open WebUI server's network access to only required services using firewall rules.

Authentication Hardening

Platforms: all

Implement strong authentication controls and limit user access to only trusted individuals.

🧯 If You Can't Patch

  • Implement strict network egress filtering to block all outbound HTTP/HTTPS traffic from the Open WebUI server except to required services.
  • Deploy a web application firewall (WAF) with SSRF protection rules and monitor for suspicious outbound requests.

🔍 How to Verify

Check if Vulnerable:

Check your Open WebUI version; if it's below 0.6.37, you are vulnerable.

Check Version:

Check the Open WebUI web interface settings, or run:

docker inspect open-webui | grep VERSION

Verify Fix Applied:

Confirm Open WebUI version is 0.6.37 or higher and test that SSRF attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Open WebUI server
  • Requests to internal IP addresses or cloud metadata endpoints
  • Multiple failed connection attempts to various internal services

Network Indicators:

  • HTTP traffic from Open WebUI server to unexpected destinations
  • Requests to 169.254.169.254 (AWS metadata) or similar cloud endpoints
  • Port scanning patterns originating from Open WebUI server

SIEM Query:

source="open-webui" AND (dest_ip=169.254.169.254 OR dest_ip=metadata.google.internal OR dest_ip IN [RFC1918 ranges])
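The SIEM query above is pseudo-syntax; the following is an added example (not from the advisory or the Open WebUI project) that applies the same indicators in Python to constructed log lines: it flags outbound requests from the open-webui source whose destination is the AWS metadata address, the GCP metadata hostname, or any RFC1918 address. The log format (`source=... user=... dest=... status=...`) is an assumption.

```python
import ipaddress
import re

# Indicators named in the advisory: cloud metadata endpoints and RFC1918 ranges.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed (constructed) log format; adapt the regex to your proxy/egress logs.
LOG_RE = re.compile(
    r"source=(?P<source>\S+)\s+user=(?P<user>\S+)\s+dest=(?P<dest>\S+)\s+status=(?P<status>\S+)"
)


def is_suspicious_dest(dest: str) -> bool:
    """True if dest is a cloud metadata endpoint or an RFC1918 address."""
    if dest in METADATA_HOSTS:
        return True
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # a hostname that is not a known metadata name
    return any(addr in net for net in RFC1918)


def find_ssrf_indicators(lines):
    """Return (user, dest) pairs for open-webui requests to suspicious destinations."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("source") != "open-webui":
            continue  # only the Open WebUI server's outbound traffic is in scope
        if is_suspicious_dest(m.group("dest")):
            hits.append((m.group("user"), m.group("dest")))
    return hits


def users_touching_many_internal_hosts(lines, threshold=2):
    """Users whose requests reached >= threshold distinct internal destinations
    (the 'multiple attempts to various internal services' indicator)."""
    per_user = {}
    for user, dest in find_ssrf_indicators(lines):
        per_user.setdefault(user, set()).add(dest)
    return sorted(u for u, dests in per_user.items() if len(dests) >= threshold)


# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = [
    "source=open-webui user=u1 dest=api.openai.com status=200",
    "source=open-webui user=u2 dest=169.254.169.254 status=200",
    "source=open-webui user=u2 dest=10.0.0.5 status=502",
    "source=open-webui user=u3 dest=metadata.google.internal status=200",
    "source=nginx user=- dest=192.168.1.10 status=200",
]
```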
