CVE-2025-63391
| Field | Value |
|---|---|
| CVE ID | CVE-2025-63391 |
| Vendor Disposition | Rejected — mischaracterized |
| Published | 2025-12-18 |
| Issuing CNA | MITRE (CISA-ADP) |
| Claimed Severity | High (CVSS 7.5 — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) |
| CWE | CWE-306 (Missing Authentication for Critical Function) |
What the CVE Claims
The /api/config endpoint in Open WebUI ≤0.6.32 allegedly lacks proper authentication and authorization controls, exposing sensitive system configuration data to unauthenticated remote attackers.
Why This Is Not a Vulnerability
The /api/config endpoint is, by design, accessible to unauthenticated callers. It serves the small set of public information required by Open WebUI's front-end before a user is authenticated — namely the application name, locale, version, list of enabled OAuth provider names (without secrets), and feature flags such as enable_signup and enable_ldap that the login UI must read in order to render correctly. This is analogous to a /.well-known/ discovery document or a /api/v1/info endpoint that many web applications expose without authentication for client bootstrapping.
Sensitive Fields Are Properly Gated
The endpoint contains an explicit role-gated branch in its response handler. Sensitive fields — including but not limited to OAuth client identifiers and secrets, Google Drive credentials, OneDrive credentials, SharePoint configuration, default model identifiers, pinned models, and user counts — are returned only when the request carries a valid authenticated session for an admin or user role. The relevant conditional in the codebase is `if user is not None and (user.role in ['admin', 'user'])`. Sensitive fields are not returned to unauthenticated callers under any code path.
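As an added illustration (not Open WebUI's own code), the following Python sketch models the public/gated split described above: the constructed settings dict, the User dataclass and the helper names are assumptions made for this example, while the gating conditional mirrors the one quoted from the codebase and the public field set follows the list given earlier on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed settings for the example; every value is a placeholder.
SETTINGS = {
    "name": "Open WebUI",
    "version": "0.6.32",
    "default_locale": "en-US",
    "oauth_providers": {
        "google": {"client_id": "placeholder-id", "client_secret": "placeholder-secret"},
    },
    "enable_signup": True,
    "enable_ldap": False,
    "default_models": "placeholder-model",
    "user_count": 42,
}

# Top-level keys that must never appear in a response to an unauthenticated caller.
SENSITIVE_KEYS = {"oauth", "default_models", "user_count"}


@dataclass
class User:
    role: str  # e.g. "admin", "user" or "pending" (hypothetical role set)


def build_config_response(user: Optional[User]) -> dict:
    """Bootstrap data for everyone; extra fields only for an authenticated admin/user."""
    response = {
        "name": SETTINGS["name"],
        "version": SETTINGS["version"],
        "default_locale": SETTINGS["default_locale"],
        # Provider names only: no client ids, no secrets.
        "oauth_provider_names": sorted(SETTINGS["oauth_providers"]),
        "features": {
            "enable_signup": SETTINGS["enable_signup"],
            "enable_ldap": SETTINGS["enable_ldap"],
        },
    }
    # Role-gated branch, written to match the conditional quoted in the advisory.
    if user is not None and (user.role in ["admin", "user"]):
        response["oauth"] = SETTINGS["oauth_providers"]
        response["default_models"] = SETTINGS["default_models"]
        response["user_count"] = SETTINGS["user_count"]
    return response


def leaked_sensitive_keys(response: dict) -> set:
    """Sensitive top-level keys present in a response; empty for an unauthenticated caller."""
    return SENSITIVE_KEYS & set(response)
```

A deployer can pass the parsed JSON of an unauthenticated GET to leaked_sensitive_keys as a quick sanity check that only bootstrap fields come back.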
CWE-306 Is Incorrectly Applied
The CWE-306 ("Missing Authentication for Critical Function") characterization is incorrect on two grounds:
- The endpoint is not a "critical function." It is a public discovery endpoint returning client-bootstrap information.
- The endpoint does not "miss" authentication. It is intentionally unauthenticated for bootstrap data, with sensitive fields properly gated behind authentication via the role check.
Applicable Security Policy Rules
- Rule 7: The report mischaracterizes a deliberately public discovery endpoint as an authentication-bypass vulnerability.
- Rule 1: Expected protocol behavior is not a vulnerability.
Disclosure Pathway
No report corresponding to this CVE was filed through the project's official reporting channel (GitHub Security Advisories) prior to publication.
Impact to Users
No action required. The /api/config endpoint returns only public bootstrap information to unauthenticated callers. Sensitive configuration fields are gated behind authentication and are not exposed.