
Critical Security Alert: Stored XSS in Open WebUI (CVE-2025-65959)

Overview

A high-severity Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-65959, has been discovered in Open WebUI, a self-hosted artificial intelligence platform designed for offline operation. This vulnerability affects versions prior to 0.6.37.

The flaw resides in the Notes PDF download functionality, allowing attackers to inject malicious JavaScript code that can be executed when a victim downloads a crafted note as a PDF. Successful exploitation can lead to session token theft, potentially granting attackers unauthorized access to user accounts, including administrative accounts.

Technical Details

The vulnerability stems from insufficient sanitization of Markdown content imported into Open WebUI’s Notes feature. An attacker can craft a Markdown file containing malicious SVG tags with embedded JavaScript code. When an authenticated user (or even an unauthenticated user through social engineering) downloads this note as a PDF, the embedded JavaScript within the SVG tag is executed.

Specifically, the crafted Markdown can contain code similar to this:

<svg onload=alert("XSS Vulnerability!")>

This allows attackers to steal session tokens and potentially perform other malicious actions within the context of the victim’s session.
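One defensive control for the rendering path described above is to sanitize the HTML produced from a note's Markdown before it is handed to the PDF renderer, dropping SVG and other active elements, on* event handlers and javascript: URLs, and recording what was removed so that it can be logged and alerted on. The following is an added example written for this post; it is not Open WebUI's own code, assumes the note is rendered to HTML first, and uses only the Python standard library (the sample note is constructed):

```python
from html import escape
from html.parser import HTMLParser

# Elements that must never reach the HTML-to-PDF renderer from user content.
BLOCKED_TAGS = {"svg", "script", "iframe", "object", "embed", "style"}

class NoteSanitizer(HTMLParser):
    """Rebuilds HTML without blocked elements, on* handlers or javascript: URLs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:              # drop the element and everything inside it
            self.skip_depth += 1
            self.findings.append(f"blocked element <{tag}>")
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            lname, lvalue = name.lower(), (value or "").strip().lower()
            if lname.startswith("on"):       # onload, onerror, onclick, ...
                self.findings.append(f"event handler {name} on <{tag}>")
            elif lname in ("href", "src", "xlink:href") and lvalue.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")
            else:
                kept.append((name, value or ""))
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in BLOCKED_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:              # text inside a blocked element is discarded too
            self.out.append(escape(data, quote=False))

def sanitize_note_html(html):
    """Return (clean_html, findings); non-empty findings mean the note carried active content."""
    p = NoteSanitizer()
    p.feed(html); p.close()
    return "".join(p.out), p.findings

# Constructed sample of what a crafted note's Markdown might render to (not a real note).
SAMPLE = ('<h1>Meeting notes</h1><svg onload="alert(1)"></svg>'
          '<p>Action items: <a href="javascript:void(0)">link</a> '
          '<img src="x.png" onerror="alert(2)"></p>')
```

An unclosed blocked element causes the rest of the note to be dropped, which is the safe direction for this failure mode. The findings list is the signal worth writing to the application log, since a note that trips it is exactly the kind of import the monitoring step below is meant to catch.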

CVSS Analysis

  • CVE ID: CVE-2025-65959
  • Severity: HIGH
  • CVSS Score: 8.7

A CVSS score of 8.7 places this vulnerability in the high-severity range. The score reflects the low effort required to trigger it (the victim only has to download a crafted note as a PDF) combined with the impact of session-token theft, which can extend to administrative accounts.

Possible Impact

Successful exploitation of this vulnerability can lead to:

  • Session Token Theft: Attackers can steal session tokens from both regular and administrative users.
  • Account Takeover: With stolen session tokens, attackers can impersonate users and gain unauthorized access to their accounts.
  • Data Breach: Attackers could potentially access and exfiltrate sensitive data stored within the Open WebUI instance.
  • Privilege Escalation: If an administrator account is compromised, attackers can gain full control over the Open WebUI platform.
  • Arbitrary Code Execution: In certain scenarios, an attacker may be able to execute arbitrary code on the server hosting Open WebUI, although this requires a more complex exploit chain.

Mitigation and Patch Steps

The vulnerability is fixed in Open WebUI version 0.6.37. To mitigate this risk, it is strongly recommended to upgrade your Open WebUI instance to version 0.6.37 or later as soon as possible.

  1. Upgrade Open WebUI: Follow the official Open WebUI upgrade instructions to update your instance to version 0.6.37 or later. Consult the project documentation for specific upgrade procedures.
  2. Verify the Upgrade: After upgrading, confirm that the instance reports version 0.6.37 or later and that the Notes feature, including PDF download, works as expected.
  3. Monitor for Suspicious Activity: Keep a close watch on your Open WebUI logs for any unusual activity that might indicate a past or attempted exploit.

About the Author

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
