Low severity3.7NVD Advisory· Published Mar 9, 2026· Updated Apr 29, 2026

CVE-2025-15603

Description

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/b9fc7fee-d25d-4100-9703-5e78a61e1ce4nvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000