CVE-2025-64496: 
JavaScript vulnerability analysis and mitigation

CVE-2025-64496 affects Open WebUI, a self-hosted artificial intelligence platform, in versions 0.6.224 and prior. The vulnerability was discovered and disclosed on November 7, 2025. The issue exists in the Direct Connections feature, which allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events (NVD, GitHub Advisory).

The vulnerability is a code injection flaw in the Direct Connections feature that processes Server-Sent Events (SSE) from external servers. The vulnerable component is the frontend SSE event handler that processes an 'execute' event type, allowing arbitrary JavaScript execution through unsafe use of new Function(). The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N. Multiple CWE classifications have been assigned, including CWE-95 (Eval Injection), CWE-830 (Inclusion of Web Functionality from Untrusted Source), CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), and CWE-501 (Trust Boundary Violation) (GitHub Advisory).

The vulnerability can lead to authentication token theft, complete account takeover, and when chained with the Functions API, enables remote code execution on the backend server. The attack affects all users who enable Direct Connections feature, particularly impacting organizations using 'bring your own model' policies and development environments. The feature being designed for external connections makes social engineering attacks highly plausible (GitHub Advisory).

The vulnerability has been fixed in version 0.6.35. Users should upgrade to this version or later to mitigate the risk. As a temporary workaround, ensure that Direct Connections feature remains disabled and avoid adding untrusted external model URLs (NVD, GitHub Commit).