CVE-2025-64495: 
JavaScript vulnerability analysis and mitigation

Open WebUI, a self-hosted artificial intelligence platform designed to operate offline, contains a high-severity vulnerability (CVE-2025-64495) in versions 0.6.34 and below. The vulnerability exists in the platform's prompt-handling functionality when the 'Insert Prompt as Rich Text' feature is enabled, where custom prompts are inserted into the chat window without proper sanitization of the prompt body when assigned to the DOM sink .innerHtml (GitHub Advisory, NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) with a CVSS v3.1 score of 8.7 (High). The flaw exists in the replaceCommandWithText function within src/lib/components/common/RichTextInput.svelte, where user-controlled HTML from prompt bodies is assigned to tempDiv.innerHTML without proper sanitization. While the marked.parse library is used for processing, it explicitly does not provide HTML sanitization, leaving the application vulnerable to XSS attacks (GitHub Advisory, Miggo).

The vulnerability can lead to account takeover (ATO) through session token theft, as malicious JavaScript can read and exfiltrate session tokens from localStorage. For admin accounts, the impact is more severe as it can result in remote code execution (RCE) on the host system through the platform's 'Functions' feature, which allows admins to execute arbitrary Python code (Security Online, GitHub Advisory).

The vulnerability has been patched in version 0.6.35 by implementing proper HTML sanitization using DOMPurify before assigning content to .innerHtml. Users are strongly advised to upgrade to this version or later. For those unable to upgrade immediately, ensuring the 'Insert Prompt as Rich Text' setting remains disabled provides an effective workaround (GitHub Advisory).