CVE-2025-63681

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.

Published Dec 6, 2025

https://github.com/advisories/GHSA-frv8-gffc-37px

CVSS ScoreMedium

4.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-63681

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.

Published Dec 6, 2025

https://github.com/advisories/GHSA-frv8-gffc-37px

CVSS ScoreMedium

4.3


pypi	open-webui	0.1.124
pypi	open-webui	0.1.125
pypi	open-webui	0.2.0.dev1
pypi	open-webui	0.2.0.dev2
pypi	open-webui	0.2.0.dev3
pypi	open-webui	0.2.0.dev4
pypi	open-webui	0.2.0
pypi	open-webui	0.2.1
pypi	open-webui	0.2.2
pypi	open-webui	0.2.3
pypi	open-webui	0.2.4
pypi	open-webui	0.2.5
pypi	open-webui	0.3.0
pypi	open-webui	0.3.10
pypi	open-webui	0.3.11
pypi	open-webui	0.3.12
pypi	open-webui	0.3.13
pypi	open-webui	0.3.14
pypi	open-webui	0.3.15
pypi	open-webui	0.3.16
pypi	open-webui	0.3.17.dev1
pypi	open-webui	0.3.17.dev2
pypi	open-webui	0.3.17.dev3
pypi	open-webui	0.3.17.dev4
pypi	open-webui	0.3.17.dev5
pypi	open-webui	0.3.17.dev6
pypi	open-webui	0.3.17
pypi	open-webui	0.3.18
pypi	open-webui	0.3.19
pypi	open-webui	0.3.1
pypi	open-webui	0.3.20
pypi	open-webui	0.3.21
pypi	open-webui	0.3.22
pypi	open-webui	0.3.23
pypi	open-webui	0.3.24
pypi	open-webui	0.3.25
pypi	open-webui	0.3.26
pypi	open-webui	0.3.27.dev1
pypi	open-webui	0.3.27.dev2
pypi	open-webui	0.3.27.dev3
pypi	open-webui	0.3.27
pypi	open-webui	0.3.28
pypi	open-webui	0.3.29
pypi	open-webui	0.3.2
pypi	open-webui	0.3.30.dev1
pypi	open-webui	0.3.30.dev2
pypi	open-webui	0.3.30
pypi	open-webui	0.3.31.dev1
pypi	open-webui	0.3.31
pypi	open-webui	0.3.32

Ecosystem	Package	Version


pypi	open-webui	0.1.124
pypi	open-webui	0.1.125
pypi	open-webui	0.2.0.dev1
pypi	open-webui	0.2.0.dev2
pypi	open-webui	0.2.0.dev3
pypi	open-webui	0.2.0.dev4
pypi	open-webui	0.2.0
pypi	open-webui	0.2.1
pypi	open-webui	0.2.2
pypi	open-webui	0.2.3
pypi	open-webui	0.2.4
pypi	open-webui	0.2.5
pypi	open-webui	0.3.0
pypi	open-webui	0.3.10
pypi	open-webui	0.3.11
pypi	open-webui	0.3.12
pypi	open-webui	0.3.13
pypi	open-webui	0.3.14
pypi	open-webui	0.3.15
pypi	open-webui	0.3.16
pypi	open-webui	0.3.17.dev1
pypi	open-webui	0.3.17.dev2
pypi	open-webui	0.3.17.dev3
pypi	open-webui	0.3.17.dev4
pypi	open-webui	0.3.17.dev5
pypi	open-webui	0.3.17.dev6
pypi	open-webui	0.3.17
pypi	open-webui	0.3.18
pypi	open-webui	0.3.19
pypi	open-webui	0.3.1
pypi	open-webui	0.3.20
pypi	open-webui	0.3.21
pypi	open-webui	0.3.22
pypi	open-webui	0.3.23
pypi	open-webui	0.3.24
pypi	open-webui	0.3.25
pypi	open-webui	0.3.26
pypi	open-webui	0.3.27.dev1
pypi	open-webui	0.3.27.dev2
pypi	open-webui	0.3.27.dev3
pypi	open-webui	0.3.27
pypi	open-webui	0.3.28
pypi	open-webui	0.3.29
pypi	open-webui	0.3.2
pypi	open-webui	0.3.30.dev1
pypi	open-webui	0.3.30.dev2
pypi	open-webui	0.3.30
pypi	open-webui	0.3.31.dev1
pypi	open-webui	0.3.31
pypi	open-webui	0.3.32

Find vulnerabilities. Fix fast with AI.

CVE-2025-63681

CVE-2025-63681