1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This WebUI vulnerability allows remote code execution - here's ho

    From TechnologyDaily@1337:1/100 to All on Tue Jan 6 19:15:08 2026
    This WebUI vulnerability allows remote code execution - here's how to stay safe

    Date:
    Tue, 06 Jan 2026 19:05:00 +0000

    Description:
    Popular AI interface was plagued by an 8/10 bug, but a fix is now available.

    FULL STORY ======================================================================Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API chaining Patch v0.6.35 adds middleware protections; users urged to restrict Direct Connections and monitor tool permissions

    Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models , carried a high-severity vulnerability that enabled account takeover and, in some cases, remote code execution
    (RCE), as well.

    This is according to Cato CTRL Senior Security Researcher Vitaly Simonovich who, in October 2025, disclosed a vulnerability that is now tracked as CVE-2025-64496.

    This bug, which was given a severity score of 8.0/10 (high), is described as
    a code injection flaw in the Direct Connection features, which allows threat actors to run arbitrary JavaScript in browsers via Server-Sent Event (SSE) execute events. Users invited to patch

    Direct Connections lets users connect the interface directly to external, OpenAI-compatible model servers by specifying a custom API endpoint.

    By abusing the flaw, threat actors can steal tokens and completely take over compromised accounts. They, in turn, can be chained with the Functions API, leading to remote code execution on the backend server.

    The silver lining, according to NVD, is that the victim needs to first enable Direct Connections, which is disabled by default, and add the attackers malicious model URL. The latter, however, can be achieved relatively easily through social engineering.

    Affected versions include v.0.6.34, and earlier, and users are advised to patch to version 0.6.35, or newer. Cato said the fix adds middleware to block the execution of SSEs from Direct Connection servers.

    Furthermore, the researchers also said users should treat connections to external AI servers like third-party code, and with that in mind, should
    limit Direct Connections only to properly vetted services.

    Finally, users should also limit the workspace.tools permissions to essential users only and keep tabs on any suspicious tool creations. This is a typical trust boundary failure between untrusted model servers and a trusted browser context, Cato concluded.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-webui-vulnerability-allows-remote- code-execution-heres-how-to-stay-safe


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)