A high-severity vulnerability has been identified in the Open WebUI component, affecting multiple Open products. This flaw allows an unauthenticated remote attacker to execute arbitrary commands on the underlying server, which could lead to a complete system compromise, data theft, and significant service disruption. Organizations are urged to apply security patches immediately to mitigate this critical risk.

The vulnerability is a command injection flaw within the install_frontmatter_requirements function of the Open WebUI. An unauthenticated remote attacker can send a specially crafted request containing malicious input. This input is not properly sanitized before being used to construct a shell command for installing PIP packages, allowing the attacker to inject and execute arbitrary system commands with the privileges of the web server process. This can lead to a full Remote Code Execution (RCE) on the affected server.

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant threat to the organization. Successful exploitation could lead to a complete compromise of the affected server, granting an attacker control over the system. Potential consequences include unauthorized access to and exfiltration of sensitive corporate or customer data, deployment of ransomware, disruption of critical business services hosted on the server, and using the compromised system as a pivot point to attack other internal network resources. The reputational and financial damage resulting from such a breach could be substantial.

Immediate Action: Apply the security patches released by the vendor immediately, prioritizing all internet-facing systems. After patching, review web server and application access logs for any signs of compromise or exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes looking for unusual child processes spawned by the web application process (e.g., sh, bash, curl, wget), unexpected outbound network connections from the server, and reviewing web application firewall (WAF) and access logs for requests containing shell command characters (e.g., |, &&, ;) targeted at the WebUI endpoint.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Deploy a Web Application Firewall (WAF) with rules to block requests containing command syntax and suspicious strings.
• Restrict outbound network traffic from the affected server to only essential destinations, which can help prevent attackers from establishing reverse shells or exfiltrating data.
• If the install_frontmatter_requirements functionality is not required, consider disabling it at the application or network level.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the critical impact of remote code execution, this vulnerability requires immediate attention. We strongly recommend that all organizations using affected Open products apply the vendor-supplied patches without delay, starting with internet-exposed systems. While this CVE is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion if widespread exploitation is observed. Proactive patching and monitoring are essential to prevent a potentially severe security breach.