Description

An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.

INFO

Published Date :

2025-12-18T00:00:00.000Z

Last Modified :

2025-12-18T17:51:07.483Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63391 vulnerability.

Vendors Products
Open-webui
  • Open-webui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63391.

URL Resource
https://gist.github.com/Cristliu/13c41b97285b776275bc8bfd3504e51b cve-icon cve-icon
https://github.com/open-webui/open-webui/issues cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System