Expand Up @@ -6,19 +6,41 @@
"aliases": [
"CVE-2025-29446"
],
"details": "open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.",
"summary": "[DISPUTED BY VENDOR] open-webui SSRF in routers/ollama.py verify_connection",
"details": "> **DISPUTED BY VENDOR (Open WebUI maintainers).** This advisory does not describe a vulnerability. The cited endpoint (`routers/ollama.py:verify_connection`) is gated by an admin-only authentication dependency — reachable only by administrators verifying a model-server URL they themselves just configured. The \"attacker\" is the administrator typing a URL into a settings field they own. Out of scope per the Open WebUI security policy (Rule 9, Admin Actions). The vendor was not contacted before publication (originated from a personal markdown file in an unrelated GitHub repository, submitted directly to MITRE). A formal REJECT request is pending with MITRE. See: https://docs.openwebui.com/security/vendor-dispositions/cve-2025-29446/\n\n---\n\nopen-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": ""
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29446"
},
{
"type": "WEB",
"url": "https://docs.openwebui.com/security/vendor-dispositions/cve-2025-29446"
},
{
"type": "WEB",
"url": "https://github.com/jcxj/jcxj/blob/master/source/_posts/open-webui-ssrf%E6%BC%8F%E6%B4%9E.md"
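Review bot: the new `affected` entry sets `"ecosystem": "PyPI"` but leaves `"name": ""`, so the record names no package and cannot be matched to any PyPI distribution; fill in the package the details text refers to (open-webui) or keep `"affected": []` as it was before this change rather than an entry with an empty name. The range beneath it carries only `"introduced": "0"` with no `fixed` or `last_affected` event, which marks every version as affected even though the new summary states the report is disputed by the vendor and the details cite only v0.5.16; either bound the range or omit it. Minor: the added `WEB` reference `https://docs.openwebui.com/security/vendor-dispositions/cve-2025-29446` is written without the trailing slash used for the same link inside the details text; pick one form for consistency.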