The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote code execution on enterprise AI backends. Security researchers have ...
The flaw, tracked as CVE-2025-64496 and discovered by Cato Networks researchers, impacts Open WebUI versions 0.6.34 and older when the Direct Connections feature is enabled. The issue carries a ...