CVE-2025-62364 is a Local File Inclusion (LFI) vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) affecting the open-source oobabooga text-generation-webui, a web interface for running Large Language Models. In versions up to 3.13, the vulnerability arises from the character picture upload feature, which improperly handles symbolic links within uploaded files. An attacker can craft and upload a text file containing a symbolic link that points to any arbitrary file path on the server's filesystem. When the application processes this upload, it follows the symbolic link and serves the contents of the linked file through the web interface. This behavior allows an unauthenticated attacker to read sensitive files without needing credentials or user interaction. The exposed files could include critical system configuration files, credential stores, or other confidential data, potentially enabling further attacks or information leakage. The vulnerability requires the attacker to have the ability to upload files to the server, which may be possible if the upload feature is publicly accessible or insufficiently protected. The issue is resolved in version 3.14 of the software. The CVSS 3.1 base score is 6.2, reflecting a medium severity with high confidentiality impact, no integrity or availability impact, low attack complexity, no privileges required, and no user interaction needed. No known exploits are currently reported in the wild.

For European organizations deploying the oobabooga text-generation-webui in versions up to 3.13, this vulnerability poses a significant risk of unauthorized disclosure of sensitive internal files. Exposure of configuration files or credentials could lead to further compromise, including privilege escalation or lateral movement within networks. Given the growing adoption of AI and LLM interfaces in research, education, and enterprise environments across Europe, organizations using this software in production or research settings could face data breaches or intellectual property theft. The vulnerability’s requirement for file upload access limits the attack surface but does not eliminate risk, especially if the upload endpoint is publicly accessible or insufficiently restricted. Confidentiality impact is high, but integrity and availability remain unaffected. The lack of authentication requirement increases risk, as any attacker with upload capability can exploit the flaw. This could undermine trust in AI platforms and lead to regulatory compliance issues under GDPR if personal or sensitive data is exposed.

The primary mitigation is to upgrade the oobabooga text-generation-webui to version 3.14 or later, where the vulnerability is fixed. Until upgrade is possible, organizations should restrict or disable the character picture upload feature, especially on publicly accessible instances. Implement strict access controls and authentication on the upload endpoint to prevent unauthenticated uploads. Employ file type validation and disallow symbolic link files or any file types that can contain links. Monitor logs for suspicious upload activity and access to sensitive files. Use web application firewalls (WAFs) to detect and block attempts to exploit symbolic link traversal. Conduct regular security audits of AI platform deployments and isolate these services within segmented network zones to limit exposure. Educate administrators and users about the risks of uploading untrusted files. Finally, maintain up-to-date backups and incident response plans in case of compromise.