### Key Information - **Vulnerability Type**: Stored DOM XSS - **Trigger Condition**: When the "Insert Prompt as Rich Text" feature is enabled, the vulnerability is triggered by inserting malicious HTML into the prompt body to manipulate the DOM. - **Affected Versions**: = 0.6.35 ### Vulnerability Description - **Functional Vulnerability**: When the "Insert Prompt as Rich Text" feature is enabled, user-controlled HTML is assigned to a DOM element's `innerHTML` without meaningful sanitization, leading to a DOM XSS vulnerability. - **Impact**: Attackers can exploit this vulnerability by creating malicious prompts under a compromised user identity and sending specific commands to other users, triggering payloads and ultimately achieving remote code execution (RCE) on the server via this flaw. ### Detailed Information - **Affected Code Line**: - `open-webui/src/lib/components/common/RichTextInput.svelte`, line 348 ```javascript tempDiv.innerHTML = htmlContent; ``` - **CVE ID**: CVE-2025-64495 - **CVSS v3 Base Metrics**: - Severity: 8.7/10 - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Changed - Confidentiality: High - Integrity: High - Availability: None ### Usage and PoC - **Mitigation**: Use sanitization libraries such as DOMPurify to clean HTML output before rendering. - **PoC**: Create a custom prompt containing malicious JavaScript code, set it to "Rich Text" format, and inject it. When another user attempts to insert this prompt, the malicious code executes. - **RCE Demonstration**: When an administrator executes a request containing the following Python code, it can lead to remote command execution, granting server access. ### Impact and Remediation - **Impact**: Users running malicious prompts may have their session tokens stolen and exfiltrated by malicious JavaScript, leading to account compromise. Administrators or developers executing malicious code in their environment may suffer remote command execution. - **Remediation**: Sanitize user-controlled HTML before assigning it to `innerHTML` using DOMPurify. Low-privileged users will not have permission to create or edit such prompts; only high-privileged roles can perform these actions.