CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Openwebui: >> Open Webui >> 0.6.41 Security Vulnerabilities

CVE-2025-63681

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.

CVSS Score

4.3

EPSS Score

0.0

Published

2025-12-04

Page 1

Vulnerabilities

Vulnerable Software

Openwebui: >> Open Webui >> 0.6.41 Security Vulnerabilities

Products

Pricing

Contact Us