CVE-2025-29446: SSRF
Published Apr 21, 2025
·Updated
open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verifyconnection.
Affected Software
2 affected components
open-webui open-webui
openwebui Open WebUI=0.5.16
Event History
Apr 21, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·05:15 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2025-29446?
CVE-2025-29446 is classified as a moderate severity vulnerability due to the risk of server-side request forgery (SSRF).
2
How do I fix CVE-2025-29446?
To fix CVE-2025-29446, update open-webui to a patched version where the SSRF vulnerability has been addressed.
3
What are the potential impacts of exploiting CVE-2025-29446?
Exploiting CVE-2025-29446 can allow an attacker to send unauthorized requests to internal resources from the server.
4
Which versions of open-webui are affected by CVE-2025-29446?
CVE-2025-29446 affects open-webui version 0.5.16.
5
How can I verify if my system is exploiting CVE-2025-29446?
You can verify exploitation of CVE-2025-29446 by checking logs for unusual outgoing requests or by conducting a targeted security assessment.