diff --git a/advisories/unreviewed/2025/03/GHSA-cfvq-fj53-j2c7/GHSA-cfvq-fj53-j2c7.json b/advisories/unreviewed/2025/03/GHSA-cfvq-fj53-j2c7/GHSA-cfvq-fj53-j2c7.json
index fb96d78a6773e..e1f057f818b06 100644
--- a/advisories/unreviewed/2025/03/GHSA-cfvq-fj53-j2c7/GHSA-cfvq-fj53-j2c7.json
+++ b/advisories/unreviewed/2025/03/GHSA-cfvq-fj53-j2c7/GHSA-cfvq-fj53-j2c7.json
@@ -1,24 +1,46 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cfvq-fj53-j2c7",
-  "modified": "2025-03-20T12:32:46Z",
+  "modified": "2025-10-15T15:31:30Z",
   "published": "2025-03-20T12:32:45Z",
   "aliases": [
     "CVE-2024-7040"
   ],
-  "details": "In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of any administrator, including those of other admin (owner) accounts.",
+  "summary": "[DISPUTED BY VENDOR] Open WebUI Improper Access Control — Cross-Admin Chat Access via user_id",
+  "details": "> **DISPUTED BY VENDOR (Open WebUI maintainers).** This advisory does not describe a vulnerability. It describes an administrator-versus-administrator scenario — one admin reading another admin's chats via the `user_id` parameter on an admin-gated endpoint. Administrators of a single instance share one trust boundary and full system control; this is not a privilege boundary in the project's threat model. Out of scope per the Open WebUI security policy (Rules 7, 9). The corresponding report was filed via the project's GHSA channel (GHSA-3w8w-xvxq-jmwp) and closed as out-of-scope; huntr.dev published the CVE in disregard of that vendor disposition. A formal REJECT request is pending with MITRE. See: https://docs.openwebui.com/security/vendor-dispositions/cve-2024-7040/\n\n---\n\nIn version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of any administrator, including those of other admin (owner) accounts.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7040"
     },
+    {
+      "type": "WEB",
+      "url": "https://docs.openwebui.com/security/vendor-dispositions/cve-2024-7040"
+    },
     {
       "type": "WEB",
       "url": "https://huntr.com/bounties/bd182309-4aa4-4747-941e-bbc1741955c1"
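Review bot: The new `affected` entry sets `"name": ""` together with an open-ended range (`"introduced": "0"` and no `fixed`/`last_affected` event), so it names no PyPI package while claiming every version — OSV consumers that match on ecosystem plus name will either reject the record as invalid or match nothing, which defeats the purpose of populating `affected`. Presumably the intended package is the project named in `details`, in which case the line should read `"name": "open-webui"`; confirm against the PyPI listing before merging. Since `details` only cites v0.3.8 and the same text now records a vendor dispute with a pending REJECT, an unbounded range also overstates what the advisory supports — if the entry stays, consider bounding it with `{ "last_affected": "0.3.8" }` after the `introduced` event, or leaving `affected` empty until the disposition is settled. The top-level object opens in this hunk but its remaining fields and closing brace lie outside it.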