Description

An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.

PUBLISHED | Reserved 2025-10-27 | Published 2025-12-18 | Updated 2025-12-18 | Assigner mitre

References

github.com/open-webui/open-webui/issues

gist.github.com/Cristliu/13c41b97285b776275bc8bfd3504e51b

cve.org (CVE-2025-63391)

nvd.nist.gov (CVE-2025-63391)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.