CVE-2025-46719: Stored XSS and Administrative RCE in Open WebUI
Vulnerability ID: CVE-2025-46719
CVSS Score: 7.4
Published: 2026-07-07
A critical Stored Cross-Site Scripting (XSS) vulnerability exists in Open WebUI versions prior to 0.6.6. The vulnerability resides in client-side Markdown rendering, where unvalidated iframe tags containing local API base URLs bypass DOMPurify sanitization. This flaw allows authenticated attackers to steal user session tokens. If an administrative session is compromised, the attacker can leverage the application's native Python execution capabilities ('Functions') to achieve arbitrary Remote Code Execution (RCE) on the hosting server.
TL;DR
Unsanitized Markdown parsing in Open WebUI lets attackers execute arbitrary client-side script via crafted iframe tokens, leading to session theft and administrative Remote Code Execution.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-79
- Attack Vector: Network
- CVSS Score: 7.4 (High)
- Exploit Status: Proof of Concept
- KEV Status: Not Listed
Affected Systems
- Open WebUI client-side Markdown rendering engine
-
Open WebUI: < 0.6.6 (Fixed in:
0.6.6)
Code Analysis
Commit: 6fd082d
HTMLToken.svelte refactoring to separate raw token texts and enforce sanitization logic
Exploit Details
- GitHub Security Advisory: Proof of concept details for bypassing Svelte markdown inline tokens parsing using raw iframe source strings.
Mitigation Strategies
- Restrict script-src directives using Content Security Policy (CSP) headers
- Deactivate Community Sharing options on sensitive instances
- Upgrade hosting instances immediately to version 0.6.6 or greater
Remediation Steps:
- For pip-installed setups, run: pip install --upgrade open-webui
- For Docker deployments, execute: docker pull ghcr.io/open-webui/open-webui:main
- Rebuild and restart containers to apply modifications client-side
References
- GitHub Security Advisory GHSA-9f4f-jv96-8766
- Fix Commit 6fd082d55ffaf6eb226efdeebc7155e3693d2d01
- Vulnerable Source Component
- Open WebUI v0.6.6 Release Notes
- NVD - CVE-2025-46719
Read the full report for CVE-2025-46719 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)