Open WebUI vulnerable to Stored DOM XSS via Note ‘Download...

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.

AI Analysis

Stored XSS vulnerability in Open-WebUI's Notes PDF download functionality

Basic Information

ID CVE-2025-65959

Source GitHub_M

Published Dec 4, 2025 at 20:46

Affected Product

Vendor open-webui

Product open-webui

Version < 0.6.37

Affected Versions open-webui open-webui < 0.6.37

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Open-WebUI

Product Open WebUI

Version < 0.6.37

References

{
    "lastseen": "",
    "description": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as PDF. This vulnerability can be exploited by any authenticated user, and unauthenticated external attackers can steal session tokens from users (both admin and regular users) by sharing specially crafted markdown files. This vulnerability is fixed in 0.6.37.",
    "published": "2025-12-04T20:46:36.575Z",
    "modified": "2025-12-04T20:46:36.575Z",
    "type": "cve",
    "title": "Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'",
    "source": "GitHub_M",
    "references": "https://github.com/open-webui/open-webui/security/advisories/GHSA-8wvc-869r-xfqf\nhttps://github.com/open-webui/open-webui/commit/03cc6ce8eb5c055115406e2304fbf7e3338b8dce",
    "id": "CVE-2025-65959",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "open-webui open-webui < 0.6.37",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "open-webui",
    "version": "< 0.6.37",
    "vendor": "open-webui",
    "ai_description": "Stored XSS vulnerability in Open-WebUI's Notes PDF download functionality",
    "ai_severity": "High",
    "ai_vendor": "Open-WebUI",
    "ai_product": "Open WebUI",
    "ai_version": "< 0.6.37",
    "ai_score": 8.7
}

Open WebUI vulnerable to Stored DOM XSS via Note ‘Download PDF’_CVE-2025-65959