Low severity3.7NVD Advisory· Published Mar 9, 2026· Updated Apr 29, 2026
CVE-2025-15603
CVE-2025-15603
Description
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=0.6.16
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.