CVE-2025-63391 | Open-WebUI up to 0.6.32 Endpoint /api/config improper authentication

December 18, 2025 Yanac

A vulnerability classified as problematic was found in Open-WebUI up to 0.6.32. This affects an unknown function of the file /api/config of the component Endpoint. Such manipulation leads to improper authentication.

This vulnerability is referenced as CVE-2025-63391. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More

CVE-2025-14823 | ConnectWise ScreenConnect up to 1.0.12 insertion of sensitive information into sent data
CVE-2025-65011 | WODESYS WD-R608U/WDR28/WDR122B direct request