CVE-2024-12537 Overview
CVE-2024-12537 affects open-webui version 0.3.32, an open-source interface for large language models. The api/v1/utils/code/format endpoint lacks authentication controls, allowing any unauthenticated network attacker to submit requests. An attacker can send a POST request containing an excessively large payload to exhaust server resources. The server becomes unresponsive, interrupting service for legitimate users. The flaw is categorized under [CWE-770] (Allocation of Resources Without Limits or Throttling) and results in a denial of service condition.
Critical Impact
Unauthenticated remote attackers can render Open WebUI instances unresponsive by submitting oversized POST requests to an unprotected formatting endpoint.
Affected Products
- Open WebUI version 0.3.32
- Deployments exposing the api/v1/utils/code/format endpoint to untrusted networks
- Self-hosted Open WebUI instances without upstream rate limiting
Discovery Timeline
- 2025-03-20 - CVE-2024-12537 published to NVD
- 2025-04-04 - Last updated in NVD database
Technical Details for CVE-2024-12537
Vulnerability Analysis
The vulnerability resides in the api/v1/utils/code/format endpoint of open-webui 0.3.32. The endpoint accepts POST requests without verifying caller identity or applying input size limits. An attacker can submit content of arbitrary length, forcing the server to attempt processing the full payload. This consumes CPU, memory, and worker threads until the application stops responding to legitimate traffic. The EPSS score indicates a meaningful probability of exploitation activity relative to other public CVEs.
Root Cause
The root cause is the absence of authentication middleware on the code formatting route combined with missing input size validation. The endpoint trusts incoming requests and proceeds with formatting work regardless of payload size or originator. This matches the [CWE-770] pattern of unbounded resource allocation.
Attack Vector
The attack vector is network-based and requires no privileges or user interaction. An attacker locates an exposed Open WebUI instance, identifies the unauthenticated api/v1/utils/code/format endpoint, and issues a POST request with a very large body. Repeated or sufficiently large requests degrade the service or take it offline entirely. The vulnerability impacts availability only, with no confidentiality or integrity loss.
No public proof-of-concept code has been released. Refer to the Huntr Bounty Report for technical details from the original submission.
Detection Methods for CVE-2024-12537
Indicators of Compromise
- Unauthenticated POST requests to /api/v1/utils/code/format from unexpected source addresses
- HTTP request bodies exceeding normal code-formatting sizes on Open WebUI hosts
- Sudden CPU or memory saturation on the Open WebUI application process
- Health check failures or timeouts against the Open WebUI service
Detection Strategies
- Inspect web server and reverse proxy logs for high-volume or oversized POST requests to the formatting endpoint
- Correlate request spikes with application worker exhaustion and 5xx response rates
- Alert on POST requests to /api/v1/utils/code/format originating outside expected client networks
Monitoring Recommendations
- Track request rate, payload size distribution, and response latency for the api/v1/utils/code/format route
- Monitor process-level CPU, RSS memory, and worker thread counts for the Open WebUI service
- Forward web access logs to a centralized log platform for retention and anomaly review
How to Mitigate CVE-2024-12537
Immediate Actions Required
- Upgrade Open WebUI to a version released after 0.3.32 that addresses the missing authentication and input limits
- Restrict network exposure of Open WebUI to trusted clients using firewall rules or VPN access
- Place Open WebUI behind a reverse proxy that enforces authentication, request size limits, and rate limiting
Patch Information
Review the Huntr Bounty Report and the upstream open-webui repository for fix details and the first patched release. Apply the latest available version on all deployments running 0.3.32.
Workarounds
- Enforce a maximum request body size at the reverse proxy for routes under /api/v1/utils/
- Apply per-IP rate limiting on the formatting endpoint to constrain abuse
- Require authentication at the proxy layer for all Open WebUI API routes until upgrade is complete
# Nginx example: limit body size and rate for the affected endpoint
limit_req_zone $binary_remote_addr zone=owui:10m rate=5r/s;
location /api/v1/utils/code/format {
limit_req zone=owui burst=10 nodelay;
client_max_body_size 64k;
proxy_pass http://open_webui_upstream;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
