automatic1111 Stable Diffusion WebUI Cross-Site WebSocket Hijacking Vulnerability

Vulnerability

A Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in automatic1111/stable-diffusion-webui version 1.10.0. This vulnerability allows an attacker to clone a malicious server extension from a GitHub repository. The issue stems from inadequate validation of WebSocket connections at ws://127.0.0.1:7860/queue/join, which permits unauthorized actions on the server. Exploitation of this vulnerability could result in the unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and a potential denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and a potential denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

automatic1111 Stable Diffusion WebUI Cross-Site WebSocket Hijacking Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating