Open WebUI has SSRF in /openai/models

GHSA-x757-hv69-jr45 · CVE-2024-7959

Published Mar 20, 2025 · Modified Mar 21, 2025

Description

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-7959
PACKAGE https://github.com/open-webui/open-webui
WEB https://huntr.com/bounties/3c8bea0a-d678-4d67-bb9c-2b5b610a2193

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes