CVE-2025-65959

Severity: 8.7 HIGH

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in Open WebUI allows authenticated users to upload Markdown files containing SVG tags whose embedded JavaScript executes when a victim downloads the note as a PDF. This enables theft of session tokens from both admin and regular users. Unauthenticated attackers can also reach the flaw by sharing specially crafted files.

💻 Affected Systems

Products:
  • Open WebUI
Versions: All versions prior to 0.6.37
Operating Systems: All platforms running Open WebUI
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with Notes PDF download functionality enabled are vulnerable.

📦 What is this software?

Open WebUI is a self-hosted, extensible web interface for chatting with large language models, typically deployed in front of Ollama or OpenAI-compatible APIs. Its Notes feature stores user-authored Markdown and can export a note as a PDF, which is the code path this vulnerability abuses.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover of admin users leading to full system compromise, data exfiltration, and potential lateral movement within the environment.

🟠 Likely Case

Session hijacking leading to unauthorized access to user accounts, data theft, and potential privilege escalation.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, but still potential for limited data exposure.

🌐 Internet-Facing: HIGH - External attackers can exploit via shared malicious files without authentication.
🏢 Internal Only: HIGH - Authenticated users can directly exploit the vulnerability to target other users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires creating malicious Markdown files with SVG tags and convincing users to download them as PDFs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.37

Vendor Advisory: https://github.com/open-webui/open-webui/security/advisories/GHSA-8wvc-869r-xfqf

Restart Required: Yes

Instructions:

1. Backup your Open WebUI configuration and data.
2. Update to version 0.6.37 or later using your deployment method (Docker, manual install, etc.).
3. Restart the Open WebUI service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable Notes PDF Download

Applies to: all

Temporarily disable the Notes PDF download functionality to prevent exploitation.

Modify Open WebUI configuration to disable PDF export features.

Input Validation Filter

Applies to: all

Implement server-side filtering to sanitize SVG tags in Markdown imports.

Add content security policies and input validation rules.
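The following is an added example of the "Input Validation Filter" workaround above; it is not Open WebUI's own code and is not taken from the advisory. It uses only the Python standard library to walk the inline HTML inside a Markdown note, drop the element families that can carry script (the blocked-tag list and URL-attribute list are this example's choices, not the vendor's), strip `on*` event handlers and `javascript:`-style URLs from the tags it keeps, and return an audit list of what it removed. The sample note is constructed for the demonstration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Elements whose whole subtree is dropped. SVG (and its foreignObject child),
# script and style are the ones this advisory is about; the rest are the usual
# active-content carriers a PDF renderer should never see. (Example's choice.)
BLOCKED_TAGS = {
    "svg", "foreignobject", "script", "style", "iframe", "object",
    "embed", "math", "link", "meta", "base", "form",
}
# Attributes that take a URL and therefore must not carry a script scheme.
URL_ATTRS = {"href", "src", "xlink:href", "action", "formaction"}


def _unsafe_url(value: str) -> bool:
    """True for javascript:/vbscript: URLs and non-image data: URLs,
    after removing whitespace and control characters that browsers ignore."""
    cleaned = re.sub(r"[\s\x00-\x1f]", "", value).lower()
    if cleaned.startswith(("javascript:", "vbscript:")):
        return True
    return cleaned.startswith("data:") and not cleaned.startswith("data:image/")


class MarkdownHtmlSanitizer(HTMLParser):
    """Rebuilds the input text, omitting blocked elements and dangerous
    attributes. Plain Markdown text passes through untouched."""

    def __init__(self) -> None:
        # Keep entities verbatim so Markdown text is not re-encoded.
        super().__init__(convert_charrefs=False)
        self.out: list[str] = []
        self.blocked_depth = 0      # >0 while inside a dropped element
        self.removed: list[str] = []  # audit trail, e.g. "svg", "a@onclick"

    def _render_tag(self, tag, attrs, self_closing):
        parts = [tag]
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):               # event handler
                self.removed.append(f"{tag}@{lname}")
                continue
            if lname in URL_ATTRS and value is not None and _unsafe_url(value):
                self.removed.append(f"{tag}@{lname}")
                continue
            parts.append(lname if value is None else f'{lname}="{escape(value, quote=True)}"')
        return "<" + " ".join(parts) + (" />" if self_closing else ">")

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self.blocked_depth += 1
            self.removed.append(tag)
        elif not self.blocked_depth:
            self.out.append(self._render_tag(tag, attrs, False))

    def handle_startendtag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self.removed.append(tag)
        elif not self.blocked_depth:
            self.out.append(self._render_tag(tag, attrs, True))

    def handle_endtag(self, tag):
        if tag in BLOCKED_TAGS:
            self.blocked_depth = max(0, self.blocked_depth - 1)
        elif not self.blocked_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.blocked_depth:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self.blocked_depth:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self.blocked_depth:
            self.out.append(f"&#{name};")

    def handle_comment(self, data):
        pass  # comments are dropped; they add nothing to a note


def sanitize_markdown(text: str) -> tuple[str, list[str]]:
    """Return (sanitized_text, removed_items) for a Markdown note."""
    parser = MarkdownHtmlSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out), parser.removed


# Constructed sample note: benign Markdown plus the kind of inline SVG/script
# and handler attributes the filter is meant to strip.
SAMPLE_NOTE = (
    "# Meeting notes\n\n"
    'Some **bold** text and a <a href="https://example.com" onclick="alert(1)">link</a>.\n\n'
    '<svg onload="alert(1)"><script>alert(2)</script></svg>\n\n'
    '<img src="javascript:alert(1)" alt="x">\n'
    "Trailing text &amp; entity.\n"
)

if __name__ == "__main__":
    clean, removed = sanitize_markdown(SAMPLE_NOTE)
    print(clean)
    print("removed:", removed)
```

Because this runs over the raw Markdown, it only sees inline HTML; the Markdown-to-HTML step that precedes PDF generation can still produce markup from other syntax, so the same sanitizer should also be applied to the rendered HTML immediately before it reaches the PDF engine. The `removed` list is worth logging: a note whose import strips an `svg` or `script` element is exactly the event the Detection & Monitoring section asks you to watch for.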

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent JavaScript execution from untrusted sources.
  • Monitor and restrict file uploads to trusted users only, and implement file type validation for Markdown imports.

🔍 How to Verify

Check if Vulnerable:

Check if Open WebUI version is below 0.6.37 and if Notes PDF download functionality is enabled.

Check Version:

Check Open WebUI web interface settings or deployment configuration for version information.

Verify Fix Applied:

Confirm version is 0.6.37 or higher and test PDF download functionality with safe test files.
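As an added example for the version checks above (not code from the advisory or from the Open WebUI project), the helper below decides whether an installed version string predates the 0.6.37 fix. The point it makes is that versions must be compared as integer tuples, not as strings: a plain string comparison ranks "0.6.4" above "0.6.37" and would report a vulnerable install as patched. It also treats a pre-release build of 0.6.37 itself (e.g. "0.6.37-dev") as unpatched, since such a build may predate the fix. The `{"version": ...}` JSON shape in `check_version_json` is an assumption for the example, not a documented Open WebUI response.

```python
import json
import re

# First fixed release named in the advisory.
PATCHED = (0, 6, 37)

# Optional leading "v", three numeric components, optional pre-release suffix
# such as "-dev" or "-rc1"; anything after that (build metadata) is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?")


def parse_version(text: str) -> tuple[tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_prerelease) for a version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch)), pre is not None


def is_vulnerable(version: str) -> bool:
    """True when the version is below 0.6.37, or is a pre-release of 0.6.37."""
    base, prerelease = parse_version(version)
    if base < PATCHED:
        return True
    # A pre-release build of the fix version may predate the fix itself;
    # be conservative and treat it as unpatched.
    return base == PATCHED and prerelease


def check_version_json(body: str) -> dict:
    """Evaluate a JSON body of the assumed form {"version": "0.6.36"}."""
    version = json.loads(body)["version"]
    return {"version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("0.6.36", "0.6.37", "0.6.4", "0.6.37-dev", "v0.6.40"):
        print(f"{sample:12} ->", "VULNERABLE" if is_vulnerable(sample) else "patched")
```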

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns
  • Multiple PDF download requests from single users
  • Error logs related to SVG parsing

Network Indicators:

  • Unexpected external file downloads
  • Suspicious file sharing activity

SIEM Query:

Search for 'open-webui' AND ('pdf download' OR 'markdown import') with unusual frequency or from suspicious sources.
