
CVE-2025-15603

CVE ID: CVE-2025-15603
Vendor Disposition: Rejected — practically unexploitable
Published: 2026-03-09
Issuing CNA: VulDB (originating from huntr.com)
Claimed Severity: Low (CVSS 3.7; vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CWE: CWE-330 (Use of Insufficiently Random Values)

What the CVE Claims

The cmd.exe pseudo-variable %RANDOM% is used in backend/start_windows.bat to derive a fallback WEBUI_SECRET_KEY. The report claims the resulting values are insufficiently random and could allow an attacker to forge JWTs signed with that key.


Why This Is Not a Vulnerability

start_windows.bat is one of three documented startup mechanisms for Open WebUI. Its first line carries the comment "This method is not recommended, and we recommend you use the start.sh file with WSL instead," but it is a fully supported startup script.

The Cited Code Path Is a First-Run Fallback

The %RANDOM% path runs only when both of the following are simultaneously true:

  1. The operator has not provided WEBUI_SECRET_KEY via environment variable.
  2. No .webui_secret_key file exists on the host.

In this first-run state the script builds a key by concatenating twelve successive expansions of %RANDOM%, writes the result to .webui_secret_key, and reads that file on every later invocation. The %RANDOM% path is therefore reached at most once per host, only in the absence of any operator configuration, and is never reached on later runs or in any deployment where the operator has set WEBUI_SECRET_KEY, which is the documented production guidance.

Entropy Analysis

%RANDOM% expands to an integer in 0–32767 (15 bits), so twelve concatenated values give a key of up to 180 bits of nominal length. That length is not the key's entropy: cmd.exe derives %RANDOM% from a non-cryptographic PRNG seeded from the system time, so all twelve values are a deterministic function of a single seed, and an attacker who reproduces the seed reproduces the whole key. Practical exploitation therefore requires the attacker to determine the second in which the script first ran on the target host (or to search a window of candidate seconds around a guess), and then to have network access to the instance to test forged tokens. VulDB's own CVSS rating of 3.7 (Low) reflects these preconditions.
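To make the seed-bounded-entropy argument concrete, here is an added Python model (not Open WebUI's code) of the first-run decision described under "The Cited Code Path Is a First-Run Fallback" and of the key derivation above. It assumes that cmd.exe backs %RANDOM% with the MSVC C runtime rand() (state = state*214013 + 2531011 mod 2^32, output (state >> 16) & 0x7FFF), seeded once from the clock in whole seconds, and that the fallback key is the decimal text of twelve consecutive values concatenated. The names MsvcRand, fallback_key, resolve_secret_key, recover_seed, the constructed timestamp and the one-hour search window are this example's own.

```python
"""Added example, not Open WebUI code: model of the %RANDOM% fallback key and
why its strength is bounded by the seed rather than by its 180-bit length.

Assumptions (see lead-in): cmd.exe's %RANDOM% is the MSVC CRT rand() LCG seeded
once from the clock in whole seconds; the fallback key is twelve consecutive
%RANDOM% values appended as decimal text.
"""
import math
import tempfile
from pathlib import Path
from typing import Optional, Union

MAX_RANDOM = 0x7FFF  # %RANDOM% expands to 0..32767 (15 bits)


class MsvcRand:
    """Assumed model of cmd.exe's %RANDOM%: the MSVC C runtime rand() LCG."""

    def __init__(self, seed: int) -> None:
        self.state = seed & 0xFFFFFFFF

    def rand(self) -> int:
        self.state = (self.state * 214013 + 2531011) & 0xFFFFFFFF
        return (self.state >> 16) & MAX_RANDOM


def fallback_key(seed: int) -> str:
    """Key as the fallback builds it: twelve successive %RANDOM% values as decimal text."""
    rng = MsvcRand(seed)
    return "".join(str(rng.rand()) for _ in range(12))


def resolve_secret_key(env: dict, key_file: Union[str, Path], now_seconds: int) -> tuple:
    """Three-way decision from the page: env var first, then the persisted file,
    and only then the %RANDOM% fallback, which is persisted so it runs at most once."""
    key_file = Path(key_file)
    if env.get("WEBUI_SECRET_KEY"):
        return env["WEBUI_SECRET_KEY"], "env"
    if key_file.exists():
        return key_file.read_text(encoding="ascii"), "file"
    key = fallback_key(now_seconds)  # seed = first-run clock in whole seconds (assumed)
    key_file.write_text(key, encoding="ascii")
    return key, "generated"


def recover_seed(key: str, guessed_seconds: int, window: int) -> Optional[int]:
    """Attacker side: a guess at the first-run time, accurate to +/- window seconds,
    is a (2*window + 1)-candidate search, because each candidate seed reproduces
    all twelve values deterministically."""
    for seed in range(guessed_seconds - window, guessed_seconds + window + 1):
        if fallback_key(seed) == key:
            return seed
    return None


def nominal_key_bits() -> int:
    """Length-based figure: 12 values x 15 bits. This is key length, not entropy."""
    return 12 * 15


def effective_entropy_bits(window: int) -> float:
    """Work the attacker faces: log2 of the candidate-seed count for a +/- window guess."""
    return math.log2(2 * window + 1)


def simulate_runs() -> tuple:
    """Two runs on a fresh host with no WEBUI_SECRET_KEY set: the fallback fires once,
    then the persisted file is used and the key does not change."""
    with tempfile.TemporaryDirectory() as d:
        kf = Path(d) / ".webui_secret_key"
        key1, how1 = resolve_secret_key({}, kf, 1_700_000_000)  # constructed first-run time
        key2, how2 = resolve_secret_key({}, kf, 1_700_000_999)  # later run, same host
    return how1, how2, key1 == key2


if __name__ == "__main__":
    print(simulate_runs())                                  # ('generated', 'file', True)
    first_run = 1_700_000_000                               # constructed first-run timestamp
    key = fallback_key(first_run)
    guess = first_run + 1234                                # attacker's estimate, ~20 min off
    print(recover_seed(key, guess, 3600) == first_run)      # True: found within 7201 tries
    print(nominal_key_bits(), round(effective_entropy_bits(3600), 1))  # 180 12.8
```

The search loop is the whole point: an attacker does not need to guess 180 bits, only the seed, and a one-hour uncertainty about the first-run time is under 13 bits of work. That is why the page's argument rests on the preconditions (knowing roughly when the first run happened and having network access to test tokens) rather than on the key's length.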

Other Startup Mechanisms Use Cryptographic Entropy

The other two supported startup mechanisms draw on different sources. start.sh reads its key material from /dev/random, which is cryptographic-strength. open-webui serve generates a 12-byte key in Python, described here as random.randbytes(12). Caveat for that path: if the call is random.randbytes rather than secrets.token_bytes, note that Python's random module is the Mersenne Twister, which the Python documentation marks as unsuitable for security tokens; secrets.token_bytes(12) is the CSPRNG-backed equivalent.

Applicable Security Policy Rules

  • Rule 1: Configuration options and expected protocol behavior are not vulnerabilities. A setup-time entropy property of a first-run fallback is a configuration concern.
  • Rule 6: The cited path manifests only in a particular first-run state and is bypassed by every documented production configuration.

Disclosure Pathway

No report corresponding to this CVE was filed through the project's official reporting channel (GitHub Security Advisories) prior to publication.


Impact to Users

No action is required for the vast majority of deployments. If you run Open WebUI via start_windows.bat without setting WEBUI_SECRET_KEY in the environment, the generated .webui_secret_key file is adequate for typical deployments given the preconditions described above. For high-security environments, set WEBUI_SECRET_KEY explicitly, which is the documented production guidance regardless of startup mechanism. Note that changing the signing key, whether by setting WEBUI_SECRET_KEY or by regenerating the file, invalidates tokens issued under the previous key, so existing sessions will need to sign in again.


This content is for informational purposes only and does not constitute a warranty, guarantee, or contractual commitment. Open WebUI is provided "as is." See your license for applicable terms.