VYPR
Unrated severityOSV Advisory· Published Dec 18, 2025· Updated Jan 22, 2026

CVE-2025-63391

CVE-2025-63391

Description

An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openwebui/Open WebuiOSV2 versions
    v0.1.102, v0.1.103, v0.1.104, …+ 1 more
    • (no CPE)range: v0.1.102, v0.1.103, v0.1.104, …
    • (no CPE)range: <=0.6.32

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.