CVE-2025-15603

Name of the Vulnerable Software and Affected Versions open-webui versions prior to 0.6.16

Description A security issue exists in open-webui. The JWT Key Handler component contains a weakness related to insufficiently random values generated due to manipulation of the WEBUI SECRET KEY argument within the file backend/start windows.bat. This allows for remote attacks, though exploitation is considered difficult and requires a high level of complexity. The exploit has been publicly disclosed.

Recommendations Update to a version of open-webui greater than 0.6.16.