DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-46719: CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI

CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI

Vulnerability ID: CVE-2025-46719
CVSS Score: 7.4
Published: 2026-07-07

A critical Stored Cross-Site Scripting (XSS) vulnerability exists in Open WebUI versions prior to 0.6.6. The vulnerability resides in client-side Markdown rendering, where unvalidated iframe tags containing local API base URLs bypass DOMPurify sanitization. This flaw allows authenticated attackers to steal user session tokens. If an administrative session is compromised, the attacker can leverage the application's native Python execution capabilities ('Functions') to achieve arbitrary Remote Code Execution (RCE) on the hosting server.

TL;DR

Unsanitized Markdown parsing in Open WebUI lets attackers execute arbitrary client-side script via crafted iframe tokens, leading to session theft and administrative Remote Code Execution.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-79
  • Attack Vector: Network
  • CVSS Score: 7.4 (High)
  • Exploit Status: Proof of Concept
  • KEV Status: Not Listed

Affected Systems

  • Open WebUI client-side Markdown rendering engine
  • Open WebUI: < 0.6.6 (Fixed in: 0.6.6)

Code Analysis

Commit: 6fd082d

HTMLToken.svelte refactoring to separate raw token texts and enforce sanitization logic

Exploit Details

  • GitHub Security Advisory: Proof of concept details for bypassing Svelte markdown inline tokens parsing using raw iframe source strings.

Mitigation Strategies

  • Restrict script-src directives using Content Security Policy (CSP) headers
  • Deactivate Community Sharing options on sensitive instances
  • Upgrade hosting instances immediately to version 0.6.6 or greater

Remediation Steps:

  1. For pip-installed setups, run: pip install --upgrade open-webui
  2. For Docker deployments, execute: docker pull ghcr.io/open-webui/open-webui:main
  3. Rebuild and restart containers to apply modifications client-side

References


Read the full report for CVE-2025-46719 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)