PT-2025-17455 · Unknown · Open-Webui
L1Uyi · Published 2025-04-21 · Updated 2025-05-28 · CVE-2025-29446
CVSS v3.1: 3.3 Low
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
open-webui version 0.5.16
Description
The issue is a Server-Side Request Forgery (SSRF) vulnerability located in the verify_connection() function of routers/ollama.py.
Recommendations
For open-webui version 0.5.16, consider restricting access to the verify_connection() function in routers/ollama.py until a patch is available. As a temporary workaround, disabling the verify_connection() function may help minimize the risk of exploitation.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Open-Webui