CVE-2025-63681

open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API endpoint /api/tasks/stop/ accesses and cancels tasks directly, without verifying that the requesting user owns them, so an attacker with only a normal user account can stop arbitrary LLM response tasks.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | UNKNOWN | ---
mitre | CNA | --- | ---
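
The missing check described above, shown as an added example (not open-webui's code): a task registry that records the owner when a task is created and verifies it before cancelling, next to the unchecked form. TaskRegistry, TaskAccessError, the is_admin override and the user names are assumptions made for illustration.

```python
import asyncio
import uuid

class TaskAccessError(Exception):
    """Unknown task id, or a task owned by a different user."""

class TaskRegistry:
    def __init__(self):
        self._tasks = {}  # task_id -> (owner_id, asyncio.Task)

    def create(self, owner_id, coro):
        task_id = str(uuid.uuid4())
        task = asyncio.create_task(coro)
        self._tasks[task_id] = (owner_id, task)  # record the owner at creation
        task.add_done_callback(lambda _t: self._tasks.pop(task_id, None))
        return task_id

    def stop_unchecked(self, task_id):
        # Flawed pattern from the advisory: the caller's identity is never consulted.
        return self._tasks[task_id][1].cancel()

    def stop(self, task_id, user_id, is_admin=False):
        # Hardened form; the is_admin override is an assumption, not from the page.
        entry = self._tasks.get(task_id)
        # One error for "missing" and "not yours", so the reply does not confirm ids.
        if entry is None or (entry[0] != user_id and not is_admin):
            raise TaskAccessError("task not found")
        return entry[1].cancel()

async def _scenario():
    reg = TaskRegistry()
    t1 = reg.create("alice", asyncio.sleep(60))  # constructed sample tasks
    t2 = reg.create("alice", asyncio.sleep(60))
    tasks = [reg._tasks[t][1] for t in (t1, t2)]
    reg.stop_unchecked(t2)  # cancels without asking who is calling
    try:
        reg.stop(t1, user_id="bob")
        denied = False
    except TaskAccessError:
        denied = True
    await asyncio.sleep(0)  # let any requested cancellation take effect
    out = {"unchecked_cancelled": tasks[1].cancelled(), "denied": denied,
           "owner_task_alive": not tasks[0].done()}
    out["owner_stop"] = reg.stop(t1, user_id="alice")
    await asyncio.gather(*tasks, return_exceptions=True)
    out["owner_cancelled"] = tasks[0].cancelled()
    return out

def demo():
    return asyncio.run(_scenario())
```

In an HTTP handler the user_id passed to stop() would come from the authenticated session, never from the request body or path.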