CVE-2025-63681: Open-WebUI Plagued by Arbitrary LLM Task Cancellation Vulnerability

Overview

CVE-2025-63681 identifies an Incorrect Access Control vulnerability found in Open-WebUI version 0.6.33. This flaw allows a standard user to stop arbitrary Large Language Model (LLM) response tasks initiated by other users. The issue stems from a lack of proper authorization checks when accessing the /api/tasks/stop/ endpoint.

Published on 2025-12-04T16:16:22.447, this vulnerability exposes the application to potential denial-of-service scenarios and unauthorized interference with user workflows.

Technical Details

The vulnerability resides in the /api/tasks/stop/ API endpoint. The Open-WebUI backend handler for this endpoint looks up and cancels a task based solely on the task ID supplied in the request; it never verifies that the requesting user owns the task or holds privileges that would allow stopping it. As a result, any authenticated user, regardless of their permissions, can interrupt and cancel LLM tasks initiated by other users.

The vulnerability is triggered when a malicious user crafts a request to the /api/tasks/stop/ endpoint, providing the ID of a task initiated by another user. The system, lacking appropriate authorization checks, proceeds to terminate the specified task, effectively disrupting the other user’s workflow.

CVSS Analysis

Currently, a CVSS score and severity rating are not available (N/A) for CVE-2025-63681. However, based on the nature of the vulnerability (Incorrect Access Control leading to potential denial-of-service), it is likely to receive a Medium to High severity rating, depending on the ease of exploitation and the potential impact on the application’s availability and functionality. A careful assessment of the attack vector, attack complexity, privileges required, user interaction, scope, and the confidentiality, integrity and availability impacts is needed to determine the final CVSS score.

Possible Impact

The successful exploitation of CVE-2025-63681 can lead to several negative consequences:

  • Denial of Service (DoS): An attacker can repeatedly stop legitimate user tasks, effectively preventing users from utilizing the LLM functionality.
  • Workflow Disruption: Critical or time-sensitive tasks can be interrupted, leading to workflow delays and frustration.
  • Resource Wastage: Users may initiate tasks that are subsequently terminated, wasting computational resources and time.

Mitigation and Patch Steps

To mitigate CVE-2025-63681, the following steps should be taken:

  1. Apply the Patch: Upgrade to a version of Open-WebUI that includes a fix for this vulnerability. Check the Open-WebUI project’s official website or GitHub repository for the latest releases and security patches.
  2. Implement Access Control Checks: The backend code handling the /api/tasks/stop/ endpoint must be modified to verify that the user making the request has the necessary permissions to stop the specified task. This should involve checking the user’s identity and comparing it to the task owner or verifying that the user has administrative privileges.
  3. Input Validation: Implement robust input validation to ensure that only valid task IDs are accepted by the API endpoint.
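The ownership check in step 2 and the ID validation in step 3, shown side by side with the unchecked pattern the advisory describes. This is an added illustration, not Open-WebUI's code: the `User`, `Task` and `TASKS` registry, the role names and the task-ID format are hypothetical stand-ins for the real /api/tasks/stop/ handler and its state.

```python
# Hypothetical stand-in for the /api/tasks/stop/ handler; not Open-WebUI's code.
import re
from dataclasses import dataclass

@dataclass
class User:
    id: str
    role: str = "user"  # "user" or "admin" (assumed role names)

@dataclass
class Task:
    id: str
    owner_id: str
    cancelled: bool = False

# Constructed in-memory registry standing in for the server's running-task table.
TASKS: dict[str, Task] = {}
TASK_ID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # assumed ID format, not Open-WebUI's

def register_task(task_id: str, owner: User) -> Task:
    TASKS[task_id] = Task(id=task_id, owner_id=owner.id)
    return TASKS[task_id]

def stop_task_unchecked(caller: User, task_id: str) -> int:
    """Vulnerable pattern: cancel by ID alone; `caller` is never consulted.
    Returns the HTTP status the endpoint would answer with."""
    task = TASKS.get(task_id)
    if task is None:
        return 404
    task.cancelled = True
    return 200

def stop_task_checked(caller: User, task_id: str) -> int:
    """Hardened pattern: validate the ID, then require task owner or admin."""
    if not TASK_ID_RE.fullmatch(task_id):
        return 400  # reject malformed IDs before touching the registry
    task = TASKS.get(task_id)
    if task is None:
        return 404
    if task.owner_id != caller.id and caller.role != "admin":
        return 403  # authenticated, but not authorised for this task
    task.cancelled = True
    return 200
```

Answering 403 for another user's task confirms that the task ID exists; if task IDs should not be enumerable, return 404 for both the missing and the foreign case.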

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
