
Open WebUI XSS Vulnerability (CVE-2025-64495) Enables Remote Code Execution via Malicious Prompts

First seen Nov 14, 2025 (2 sources)

A critical vulnerability, CVE-2025-64495, has been identified in Open WebUI, a self-hosted AI web interface framework. The flaw is a stored DOM-based cross-site scripting (XSS) issue in the "Insert Prompt as Rich Text" feature: attacker-supplied script embedded in a stored prompt is executed in the browser session of the user who inserts it. If an administrator interacts with such a crafted prompt, the vulnerability can be escalated to remote code execution (RCE) with administrative privileges, posing a significant risk to organizations that use Open WebUI to manage AI workflows and data.

Security researchers have published proof-of-concept (PoC) details and technical analysis demonstrating how the vulnerability can be leveraged to compromise the system. The issue highlights the importance of sanitizing user input in web applications, especially those handling sensitive AI operations. Administrators are urged to apply available patches and review their Open WebUI deployments to mitigate the risk of exploitation.


Event timeline: how this story unfolded

2 events, from the most recent confirmed update back to the earliest known activity.
Nov 14, 2025

Researchers describe admin-to-RCE impact path for CVE-2025-64495

Follow-up reporting detailed how exploitation of CVE-2025-64495 could be chained from stored XSS to remote code execution by targeting an administrator. The write-up emphasized malicious prompts as the delivery mechanism and clarified the severity of the attack path.

Nov 13, 2025

Stored DOM XSS in Open WebUI documented as CVE-2025-64495

A vulnerability affecting Open WebUI was publicly disclosed as CVE-2025-64495, described as a stored DOM XSS issue tied to the "Insert Prompt as Rich Text" feature. The flaw could let a malicious prompt execute attacker-controlled script in an administrator's browser session.
