PT-2025-41812 · Unknown · Text-Generation-Webui

J1W0N-1209 · Published 2025-10-13 · Updated 2025-10-13 · CVE-2025-62364

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

text-generation-webui versions through 3.13

Description

text-generation-webui is a web interface for running Large Language Models. A Local File Inclusion issue exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. The application follows the symbolic link and serves the contents of the targeted file through the web interface. This allows an unauthenticated attacker to read sensitive files on the server, potentially exposing system configurations and credentials.

Recommendations

Update to version 3.14 or later.
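The link-following weakness described above comes down to serving a stored upload without checking what it resolves to. The following is an added example of that check, not text-generation-webui's code or its 3.14 fix; `read_upload`, `UnsafeUploadError`, the directory layout and the sample files are assumptions, and `O_NOFOLLOW` assumes a POSIX host.

```python
import os
import stat
import tempfile
from pathlib import Path

class UnsafeUploadError(Exception):
    """Raised when a stored upload must not be served."""

def read_upload(upload_dir: Path, name: str) -> bytes:
    """Return an uploaded file's bytes, refusing symlinks and path escapes."""
    # Accept a bare file name only, never a path.
    if name in ("", ".", "..") or name != os.path.basename(name):
        raise UnsafeUploadError("not a plain file name")
    candidate = upload_dir / name
    try:
        base = upload_dir.resolve(strict=True)
        # Containment: the fully resolved target must stay inside upload_dir.
        if base not in candidate.resolve(strict=True).parents:
            raise UnsafeUploadError("resolves outside upload directory")
        # O_NOFOLLOW (POSIX) makes open fail when the last component is a
        # symlink, so a link swapped in after the check is still refused.
        fd = os.open(candidate, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeUploadError("symlink or unreadable") from exc
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafeUploadError("not a regular file")
        with os.fdopen(fd, "rb", closefd=False) as fh:
            return fh.read()
    finally:
        os.close(fd)

def demo() -> dict:
    """Constructed scenario: one real picture and one symlinked 'picture'."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp, "uploads")
        uploads.mkdir()
        secret = Path(tmp, "secret.txt")
        secret.write_text("constructed secret")
        (uploads / "ok.png").write_bytes(b"\x89PNG constructed")
        os.symlink(secret, uploads / "link.png")
        for name in ("ok.png", "link.png", "../secret.txt"):
            try:
                read_upload(uploads, name)
                results[name] = "served"
            except UnsafeUploadError as exc:
                results[name] = f"refused: {exc}"
    return results
```

Rejecting symlinks at upload time as well keeps such files from being stored in the first place; the read-side check still matters for files already on disk before an upgrade.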

Exploit

Fix

Weakness Enumeration

Link Following

Related Identifiers

CVE-2025-62364
GHSA-66RW-Q8W5-C2HG

Affected Products

Text-Generation-Webui