In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 29 Jul 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Openwebui
Openwebui open Webui
CPEs cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*
Vendors & Products Openwebui
Openwebui open Webui
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Thu, 10 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Open-webui
Open-webui open-webui
CPEs cpe:2.3:a:open-webui:open-webui:*:*:*:*:*:*:*:*
Vendors & Products Open-webui
Open-webui open-webui
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
Title Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2024-10-10T14:57:57.866Z

Reserved: 2024-07-23T17:48:28.192Z

Link: CVE-2024-7037

cve-icon Vulnrichment

Updated: 2024-10-10T14:57:53.344Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-09T20:15:09.477

Modified: 2025-07-29T18:47:38.720

Link: CVE-2024-7037

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.