CVE-2025-29446: n/a

Low
Tags: Vulnerability, CVE-2025-29446
Published: Mon Apr 21 2025 (04/21/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

AI-Powered Analysis

Last updated: 07/12/2025, 04:46:34 UTC

Technical Analysis

CVE-2025-29446 is a Server-Side Request Forgery (SSRF) vulnerability in the open-webui project, specifically in version 0.5.16. It lies in the routers/ollama.py file, in the function verify_connection. An SSRF vulnerability exists when an attacker can cause the server to issue HTTP requests to domains or IP addresses of the attacker's choosing, which can reach internal systems or services that are not otherwise exposed externally. Here, an attacker with limited privileges (the CVSS vector requires low privileges) can induce the server to send crafted requests. The CVSS score of 3.3 (low severity) reflects an impact limited to confidentiality, with no direct impact on integrity or availability, and exploitation neither requires user interaction nor is of high complexity. The vulnerability is classified under CWE-918 (SSRF). There are no known exploits in the wild at this time, and no patches have been linked or published yet. The vulnerability was reserved in March 2025 and published in April 2025. The affected product is open-webui; the record gives no specific vendor or product details beyond the project name. The attack vector is local (AV:L), meaning the attacker must already have some level of access to the system or network where open-webui is deployed. The scope of the impact is limited to confidentiality breaches, without affecting integrity or availability.

Potential Impact

For European organizations, the impact of this SSRF vulnerability depends largely on the deployment of open-webui version 0.5.16 within their infrastructure. If open-webui is used internally to manage or interface with sensitive systems, this vulnerability could allow attackers with limited access to probe internal networks, potentially accessing sensitive internal endpoints or metadata services. This could lead to unauthorized information disclosure, such as internal IP addresses, service endpoints, or configuration details, which could be leveraged for further attacks. However, since the vulnerability does not affect integrity or availability, the immediate risk of service disruption or data manipulation is low. European organizations with strict data protection regulations (e.g., GDPR) must consider the confidentiality impact seriously, as any unauthorized data access could lead to compliance issues and reputational damage. The requirement for local access reduces the risk of remote exploitation, but insider threats or compromised internal accounts could exploit this vulnerability. The absence of known exploits in the wild suggests limited current threat activity, but proactive mitigation is advisable.

Mitigation Recommendations

1. Restrict access to systems running open-webui to trusted users and networks only, minimizing the risk of local attackers exploiting the SSRF vulnerability.
2. Implement strict network segmentation and firewall rules to limit the ability of compromised systems to reach sensitive internal services that could be targeted via SSRF.
3. Monitor and log all outgoing HTTP requests from open-webui to detect unusual or unauthorized request patterns that may indicate exploitation attempts.
4. Apply input validation and sanitization in the verify_connection function or related code to ensure that user-supplied URLs or parameters cannot be manipulated to trigger SSRF.
5. Stay alert for official patches or updates from the open-webui maintainers and apply them promptly once available.
6. Conduct internal security assessments and penetration tests focusing on SSRF vectors in open-webui deployments to identify and remediate weaknesses.
7. Educate internal users and administrators about the risks of SSRF and the importance of limiting access to vulnerable systems.
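As an added illustration of recommendation 4 (this is example code written for this page, not open-webui's own code, and it does not reproduce the verify_connection handler), the following validator shows the kind of check a server should run before performing a connectivity test against a user-supplied backend URL. It goes a little beyond the single case in the advisory: it handles IP literals, IPv4-mapped IPv6 addresses, hostnames with several DNS answers, credentials embedded in the URL, and an operator-configured allowlist for backends that are legitimately internal. The names validate_backend_url, Verdict, is_public_address, the constructed DNS table and every sample address are assumptions made for illustration.

```python
"""Hypothetical SSRF hardening for a 'verify connection' style endpoint that
accepts a user-supplied backend URL. Added example; not open-webui's code."""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str
    # Addresses that passed the check; the caller should connect to one of
    # these rather than re-resolving the name (closes the DNS-rebinding window).
    addresses: tuple = ()


def resolve_all(host: str) -> List[str]:
    """Default resolver: every A/AAAA address the system resolver returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses. Loopback, RFC 1918,
    link-local (including the 169.254.169.254 cloud-metadata range), ULA,
    multicast, unspecified and reserved ranges all return False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return ip.is_global and not (ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_backend_url(url: str,
                         allowed_hosts: Optional[Iterable[str]] = None,
                         resolver: Callable[[str], List[str]] = resolve_all) -> Verdict:
    """Decide whether the server may open a connection to `url`.
    With an allowlist, only listed hosts pass (internal backends included);
    without one, every address the host resolves to must be public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return Verdict(False, f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        return Verdict(False, "missing host")
    if parts.username is not None or parts.password is not None:
        return Verdict(False, "credentials embedded in URL not allowed")
    try:
        parts.port  # raises ValueError for e.g. 'http://h:99999/'
    except ValueError:
        return Verdict(False, "invalid port")
    if allowed_hosts is not None:
        if host.lower() in {h.lower() for h in allowed_hosts}:
            return Verdict(True, "host on operator allowlist", (host,))
        return Verdict(False, "host not on operator allowlist")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: no DNS needed
    except ValueError:
        try:
            addrs = list(resolver(host))
        except OSError:
            addrs = []
    if not addrs:
        return Verdict(False, "hostname does not resolve")
    for addr in addrs:  # one bad answer is enough to refuse the whole name
        if not is_public_address(addr):
            return Verdict(False, f"resolves to non-public address {addr}")
    return Verdict(True, "ok", tuple(addrs))


# Constructed DNS table so the example runs offline; these are not real records.
CONSTRUCTED_DNS = {
    "api.example.com": ["8.8.8.8"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.example": ["169.254.169.254"],
    "dual.example": ["8.8.8.8", "10.0.0.5"],  # one public and one private answer
}


def fake_resolver(host: str) -> List[str]:
    """Stand-in for resolve_all that consults the constructed table above."""
    try:
        return CONSTRUCTED_DNS[host]
    except KeyError:
        raise OSError(f"constructed NXDOMAIN for {host}")


if __name__ == "__main__":
    for u in ["http://api.example.com:11434/api/tags", "http://localhost:11434/",
              "http://metadata.example/latest/meta-data/", "http://169.254.169.254/",
              "http://[::ffff:10.0.0.1]/", "http://dual.example/", "ftp://api.example.com/"]:
        print(u, "->", validate_backend_url(u, resolver=fake_resolver))
```

Two design points matter in practice. First, the vetted addresses are returned in the verdict so the HTTP client can connect to them directly and set the Host header itself; re-resolving the name at connect time would reopen a DNS-rebinding window between check and use. Second, the client used for the connectivity test should not follow redirects, since a public host that answers with a 302 to an internal address would otherwise bypass the check. The reason strings are deliberately stable so they can be logged and counted, which supports recommendation 3.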

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-11T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9817c4522896dcbd707f

Added to database: 5/21/2025, 9:08:39 AM

Last enriched: 7/12/2025, 4:46:34 AM

Last updated: 7/27/2025, 2:09:36 AM
