OpenWebUI
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- 0.3.0
A vulnerability has been identified in OpenWebUI version 0.3.0 within the audio API endpoint '/audio/api/v1/transcriptions'. This vulnerability allows for arbitrary file uploads due to inadequate validation of the 'file.content_type' and the acceptance of user-controlled filenames, which creates a path traversal issue. An authenticated user could exploit this to overwrite critical files in the Docker container, possibly leading to remote code execution as the root user.
Exploitation of this vulnerability could result in unauthorized file overwrites within the Docker container, with the potential for remote code execution as the root user.
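The flaw class described above, as an added example that is not OpenWebUI's code or its actual fix: a client filename joined onto the upload directory, next to a hardened form that allowlists the content type and generates the stored name on the server. The function names, the `ALLOWED_AUDIO` map and the sample paths are assumptions made for illustration.

```python
import os
import uuid
from pathlib import Path

# Assumed allowlist for a transcription endpoint; not taken from OpenWebUI.
ALLOWED_AUDIO = {
    "audio/mpeg": ".mp3",
    "audio/wav": ".wav",
    "audio/ogg": ".ogg",
    "audio/x-m4a": ".m4a",
}


def naive_upload_path(upload_dir: str, client_filename: str) -> Path:
    """Flawed pattern: the client-supplied name is joined onto the directory."""
    return Path(os.path.normpath(os.path.join(upload_dir, client_filename)))


def is_inside(base: str, candidate: Path) -> bool:
    """True only if candidate resolves to a location at or under base."""
    base_real = Path(os.path.realpath(base))
    cand_real = Path(os.path.realpath(candidate))
    return base_real == cand_real or base_real in cand_real.parents


def safe_upload_path(upload_dir: str, content_type: str) -> Path:
    """Hardened pattern: allowlist the type and never use the client filename."""
    # Drop any parameters (e.g. "; codecs=...") and normalise case before lookup.
    media_type = (content_type or "").split(";")[0].strip().lower()
    ext = ALLOWED_AUDIO.get(media_type)
    if ext is None:
        raise ValueError(f"unsupported content type: {content_type!r}")
    # The stored name is generated server-side, so no client input reaches the path.
    target = Path(upload_dir) / f"{uuid.uuid4().hex}{ext}"
    if not is_inside(upload_dir, target):  # defence in depth
        raise ValueError("resolved path escapes the upload directory")
    return target
```

The content type is itself client-supplied, so the allowlist only constrains the stored extension; running the service as a non-root user limits what an overwrite can reach if a write does land outside the directory.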