Focus Friday: TPRM Insights on SharePoint, MSSQL, Kibana, Django, and Open WebUI
INTRODUCTION
Welcome to this week’s edition of Focus Friday, where we analyze high-profile vulnerabilities from a Third-Party Risk Management (TPRM) perspective and highlight how these issues may affect your vendor ecosystem. This week’s FocusTags spotlight several widely used enterprise technologies — Microsoft SharePoint, Microsoft SQL Server, Elastic Kibana, Django, and Open WebUI. Each of these platforms plays a critical role in modern infrastructure, and newly disclosed vulnerabilities in them carry meaningful security implications for organizations and their third-party partners.
In this edition, we break down the technical details, assess the potential business impacts, and emphasize the questions and remediation steps that TPRM teams should prioritize. We conclude with how Black Kite’s FocusTags™ help operationalize these insights and strengthen your overall TPRM program.

Filtered view of companies with Microsoft SharePoint - Nov2025 FocusTag™ on the Black Kite platform.
CVE-2025-62204 (Microsoft SharePoint - Nov2025)
What is the vulnerability in Microsoft Office SharePoint?
The vulnerability tracked as CVE-2025-62204 is a deserialization of untrusted data flaw in Microsoft Office SharePoint. It allows an attacker who is already authorized (i.e., holds some level of access) to execute code remotely over the network. According to the FocusTag text, the CVSS score is 8.0 and the EPSS score is 0.32%.
The vulnerability was published on 2025-11-12 (per the tag text).
There is no public proof-of-concept exploit reported yet, and no indicators of active exploitation by threat actors at this time (per the FocusTag text). The flaw is not listed in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog, and no CISA advisory specific to this CVE has been found.
Affected versions include:
- SharePoint Server 2019 from 16.0.0 up to 16.0.5526.1001
- SharePoint Server Subscription Edition from 16.0.0 up to 16.0.10417.20068
- “Other SharePoint versions” from 16.0.0 up to 16.0.19127.20338
(as per the FocusTag text).
Given the severity (8.0) and remote code execution potential, this is a high-risk vulnerability for on-premises SharePoint deployments.
Why should TPRM professionals care?
From a Third-Party Risk Management (TPRM) standpoint, this vulnerability matters because many vendors in a supply chain may expose on-premises SharePoint instances for collaboration, document storage and internal portals. An exploited RCE in SharePoint means that a vendor could suffer confidentiality, integrity, and availability impacts: sensitive documents or internal assets could be exposed, malicious code execution could lead to lateral movement or infrastructure takeover, and the vendor’s compromised infrastructure could be used to inject malicious content or attack other connected systems (including yours).
Because this vulnerability requires authorized access, the vendor’s access control posture and internal privilege model become critical for understanding the exposure. If the vendor has publicly reachable SharePoint servers, insufficient network segmentation or weak privilege management, then the vendor’s infrastructure becomes a higher-risk asset in your ecosystem.
Questions you should ask your vendors
Here are targeted questions you can pose to vendors that may operate on-premises SharePoint:
- Have you updated all instances of Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition, and other SharePoint versions to versions beyond 16.0.5526.1001, 16.0.10417.20068, and 16.0.19127.20338 respectively to mitigate the risk of CVE-2025-62204?
- Have you implemented secure deserialization methods and proper validation of untrusted data before deserialization in your application code and configurations to prevent exploitation of the Deserialization of Untrusted Data vulnerability in Microsoft Office SharePoint?
- Are you actively monitoring for anomalous activity, suspicious code execution, or privilege escalation attempts in your Microsoft Office SharePoint environments as a measure against potential exploitation of CVE-2025-62204?
- Have you restricted network access to your Microsoft Office SharePoint instances to only trusted users and systems to reduce the attack surface and potential impact of CVE-2025-62204?
Remediation recommendations for vendors
To mitigate the risk posed by CVE-2025-62204, vendors should consider the following steps:
- Apply Microsoft’s official security update as soon as it is released for your affected SharePoint version. (The FocusTag text already advises applying updates immediately.)
- Implement the principle of least privilege: ensure user accounts (especially those with access to SharePoint instances) have only the permissions they need and no more.
- Review network access: restrict which systems and networks can connect to the SharePoint servers. If possible, limit external access and ensure internal segmentation.
- Monitor for unusual activity: enable detailed logging on the SharePoint servers, monitor for signs of unexpected code execution, privilege escalation or abnormal user behaviour.
- Review deserialization and input validation practices: ensure that any custom SharePoint extensions, plugins or web parts validate input, avoid insecure deserialization patterns and follow secure coding best-practices to reduce the attack surface.
How TPRM professionals can leverage Black Kite for this vulnerability
With the FocusTag published by Black Kite, TPRM teams get a streamlined way to identify which of their third-party vendors may be vulnerable. Black Kite’s value here lies in narrowing the scope: instead of sending questionnaires to every vendor, you can use Black Kite’s intelligence to highlight vendors that host vulnerable SharePoint asset(s) (e.g., on-premises SharePoint deployments in the affected version ranges). For those vendors, you can ask the questions above, prioritise remediation timelines, monitor asset lists (IPs, subdomains) flagged by Black Kite, and reduce follow-up fatigue by focusing on truly relevant vendors. If you already use Black Kite’s vendor scoring and asset-mapping capabilities, then this FocusTag can trigger alerts and workflow tasks when a vendor appears to have the version/risk combination described in the tag.

Black Kite’s Microsoft SharePoint - Nov2025 FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-59499 (MSSQL - Nov2025)
What is the SQL injection vulnerability in Microsoft SQL Server?
CVE-2025-59499 is an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability (CWE-89) in Microsoft SQL Server. It allows an authenticated attacker with low privileges to inject crafted T-SQL via a malicious database name and execute arbitrary commands with the privileges of the SQL Server process. In many configurations this can ultimately lead to sysadmin-level control of the database environment.
Microsoft classifies this issue as HIGH severity, with a CVSS v3.1 base score of 8.8. The FocusTag provides an EPSS score of 0.07%, indicating a currently low—but non-zero—predicted likelihood of exploitation in the near term.
The vulnerability record was added to NVD on 2025-11-11 and last modified on 2025-11-12, which means it is a very recent issue at the time of writing (within the past week).
Key points from current intelligence and the FocusTag text:
- Type: SQL Injection leading to Elevation of Privilege (potential sysadmin).
- Severity: High (CVSS 8.8).
- EPSS: 0.07% (from the FocusTag).
- Discovery / publication: Published in NVD on 2025-11-11; Microsoft advisory dated 2025-11-12.
- Exploitation status:
  - No public Proof-of-Concept (PoC) has been disclosed as of 2025-11-13 (per FocusTag).
  - No confirmed reports of active exploitation by threat actors at this time.
- CISA KEV / advisories:
  - Not currently listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
  - No CISA advisory specifically referencing CVE-2025-59499 could be found as of 2025-11-13.
Affected versions (from Microsoft and the FocusTag) include multiple supported SQL Server branches where builds are below the following patched levels:
- SQL Server 2022
  - Vulnerable: 16.0.4003.1–16.0.4215.2, 16.0.1000.6–16.0.1150.1
  - Patched: CU21+GDR → 16.0.4222.2, RTM+GDR → 16.0.1160.1
- SQL Server 2019
  - Vulnerable: 15.0.4003.23–15.0.4445.1, 15.0.2000.5–15.0.2145.1
  - Patched: CU32+GDR → 15.0.4455.2, RTM+GDR → 15.0.2155.2
- SQL Server 2017
  - Vulnerable: 14.0.3006.16–14.0.3505.1, 14.0.1000.169–14.0.2085.1
  - Patched: CU31+GDR → 14.0.3515.1, RTM+GDR → 14.0.2095.1
- SQL Server 2016
  - Vulnerable: 13.0.7000.253–13.0.7065.1, 13.0.6300.2–13.0.6470.1
  - Patched: Azure Connect Feature Pack+GDR → 13.0.7070.1, SP3 RTM+GDR → 13.0.6475.1
Older, unsupported SQL Server versions fall outside the patch matrix and should be considered inherently higher risk, as they will not receive fixes for CVE-2025-59499.
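The affected and patched build ranges quoted in the SharePoint section above and in the SQL Server matrix just listed are easy to misread by eye, so here is an added example (not part of the FocusTag or of Black Kite’s platform) that encodes those ranges as data and classifies a vendor-reported build, or the first line of SELECT @@VERSION output, as vulnerable, patched or unknown. The product labels, the servicing-path comments and the sample @@VERSION banners are constructed for this example; only the build numbers come from the text above.

```python
"""Classify Microsoft SharePoint and SQL Server builds against the affected and
patched build ranges quoted in the SharePoint and SQL Server sections above."""
import re
from typing import List, NamedTuple, Optional, Tuple

Build = Tuple[int, ...]


def parse_build(text: str) -> Build:
    """'16.0.5526.1001' -> (16, 0, 5526, 1001); shorter strings are zero-padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected build string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


class Branch(NamedTuple):
    product: str
    low: Build              # lowest affected build on this servicing path
    high: Build             # highest affected build on this servicing path
    fixed: Optional[Build]  # first patched build, or None where the text only gives the affected range


def _branch(product: str, low: str, high: str, fixed: Optional[str] = None) -> Branch:
    return Branch(product, parse_build(low), parse_build(high), parse_build(fixed) if fixed else None)


# Build numbers exactly as stated above; product labels are this example's own.
MATRIX: List[Branch] = [
    _branch("SharePoint Server 2019", "16.0.0", "16.0.5526.1001"),
    _branch("SharePoint Server Subscription Edition", "16.0.0", "16.0.10417.20068"),
    _branch("Other SharePoint versions", "16.0.0", "16.0.19127.20338"),
    _branch("SQL Server 2022", "16.0.4003.1", "16.0.4215.2", "16.0.4222.2"),    # CU path
    _branch("SQL Server 2022", "16.0.1000.6", "16.0.1150.1", "16.0.1160.1"),    # GDR path
    _branch("SQL Server 2019", "15.0.4003.23", "15.0.4445.1", "15.0.4455.2"),   # CU path
    _branch("SQL Server 2019", "15.0.2000.5", "15.0.2145.1", "15.0.2155.2"),    # GDR path
    _branch("SQL Server 2017", "14.0.3006.16", "14.0.3505.1", "14.0.3515.1"),   # CU path
    _branch("SQL Server 2017", "14.0.1000.169", "14.0.2085.1", "14.0.2095.1"),  # GDR path
    _branch("SQL Server 2016", "13.0.7000.253", "13.0.7065.1", "13.0.7070.1"),  # Azure Connect Feature Pack path
    _branch("SQL Server 2016", "13.0.6300.2", "13.0.6470.1", "13.0.6475.1"),    # SP3 path
]


def classify(product: str, build: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for a product label and build string."""
    b = parse_build(build)
    candidates = [br for br in MATRIX if br.product == product and br.low <= b]
    if not candidates:
        # Product absent from the matrix (e.g. an unsupported release) or build below every known range.
        return "unknown"
    # The servicing path is the one whose affected range starts nearest below the build.
    branch = max(candidates, key=lambda br: br.low)
    if b <= branch.high:
        return "vulnerable"
    if branch.fixed is None or b >= branch.fixed:
        return "patched"
    return "unknown"  # between the last affected build and the first patched build: verify by hand


_BANNER = re.compile(r"Microsoft SQL Server (\d{4}).*?-\s*(\d+\.\d+\.\d+\.\d+)")


def classify_sql_banner(banner: str) -> str:
    """Classify the first line of SELECT @@VERSION output,
    e.g. 'Microsoft SQL Server 2019 (RTM-CU32-GDR) - 15.0.4455.2 (X64) ...'."""
    m = _BANNER.search(banner)
    if not m:
        raise ValueError("could not find the edition year and build number in @@VERSION output")
    return classify(f"SQL Server {m.group(1)}", m.group(2))


if __name__ == "__main__":
    # Constructed sample banners; the KB and date fields that real output carries are omitted.
    for banner in (
        "Microsoft SQL Server 2019 (RTM-CU32-GDR) - 15.0.4455.2 (X64)",
        "Microsoft SQL Server 2022 (RTM-CU13) - 16.0.4125.3 (X64)",
        "Microsoft SQL Server 2014 (SP3-GDR) - 12.0.6024.0 (X64)",
    ):
        print(f"{classify_sql_banner(banner):<10} {banner}")
    print(classify("SharePoint Server 2019", "16.0.5526.1001"), "SharePoint Server 2019 16.0.5526.1001")
```

Because SharePoint and SQL Server 2022 share the 16.0 major version, the caller names the product explicitly; for SQL Server the banner parser derives it from the edition year. A build that falls between the last affected build and the first patched build on a path is reported as unknown rather than guessed.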
Why should TPRM professionals care about CVE-2025-59499?
SQL Server often holds the crown jewels of a vendor’s environment: production application data, customer records, financial information, telemetry, and more. CVE-2025-59499 enables an authenticated attacker to escalate from a low-privileged database user to effective full control of the database engine. That can translate into:
- Exfiltration or tampering with sensitive data stored on behalf of your organization.
- Deployment of malicious objects (procedures, jobs, extended procedures) that persist long after the initial compromise.
- Piggy-backing on the SQL Server’s privileged position inside the network to move laterally, especially when SQL Server has links to other servers or runs under high-privilege service accounts.
- Disruption of services if the attacker chooses to drop or corrupt critical schemas and tables.
From a third-party risk point of view, this makes unpatched SQL Server instances a powerful stepping stone for attackers inside a vendor’s infrastructure. Even though exploitation requires authentication, many real-world breaches start from compromised application credentials, stolen connection strings, or misconfigured service accounts. In that scenario, a flaw like CVE-2025-59499 becomes the bridge from “limited application user” to “full database and potentially OS-level compromise”.
If a vendor hosts systems where your data or transaction flows depend on SQL Server—and especially if they expose SQL Server to internet-reachable applications or data pipelines—this vulnerability should factor into how you prioritize that vendor in your risk treatment plans.
What questions should TPRM professionals ask vendors about CVE-2025-59499?
When you identify vendors tagged with MSSQL – Nov2025, consider asking focused questions like:
- Can you confirm if you have updated all instances of Microsoft SQL Server to the patched versions specified for each version (SQL Server 2022: 16.0.4222.2, 16.0.1160.1; SQL Server 2019: 15.0.4455.2, 15.0.2155.2; SQL Server 2017: 14.0.3515.1, 14.0.2095.1; SQL Server 2016: 13.0.7070.1, 13.0.6475.1) to mitigate the risk of CVE-2025-59499?
- Have you reviewed and restricted user privileges on all SQL Server instances to the minimum required for their tasks, as recommended to minimize the potential impact of a successful exploit of the SQL Injection vulnerability (CVE-2025-59499)?
- Have you determined your SQL Server installation's update path (GDR or CU) and applied the corresponding update package to patch the SQL Injection vulnerability (CVE-2025-59499)?
- If your SQL Server version is not listed in the update table and is no longer supported, have you planned and executed an upgrade to a supported Service Pack or SQL Server product to apply this and future security updates?
Remediation recommendations for vendors subject to this risk
Vendors should take concrete, technical steps to eliminate or reduce exposure to CVE-2025-59499:
- Patch to the correct build path (CU or GDR) for each instance
  - Identify whether each SQL Server instance is on the GDR or CU servicing branch and apply the appropriate update (e.g., CU32+GDR for SQL Server 2019, CU21+GDR for SQL Server 2022). Confirm success using SELECT @@VERSION and compare against the patched build numbers listed in Microsoft’s guidance.
- Tighten privileges for database users and service accounts
  - Review all logins and users with the ability to create or rename databases or to execute arbitrary T-SQL. Remove unnecessary rights, especially in environments that host multi-tenant or shared workloads.
- Audit database naming and configuration
  - Since this issue is triggered via specially crafted database names, review recent database creation/rename events, and enforce naming conventions that cannot be arbitrarily controlled by low-privileged actors.
- Harden network exposure
  - Limit inbound access to SQL Server to trusted application tiers and administration networks. Block direct database connections from untrusted networks wherever possible, and ensure TLS is enforced on all connections.
- Enhance monitoring and logging
  - Enable and centralize SQL Server audit logs for events such as role changes (e.g., additions to sysadmin), unusual DDL, and creation of unrecognized databases. Integrate those logs with SIEM or alerting workflows so security teams can react quickly to anomalies.
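The naming-audit and monitoring steps above translate directly into detection rules. The following added example (not part of the FocusTag or of any Microsoft tooling) runs three such rules over audit records shaped like the columns returned by sys.fn_get_audit_file: a sysadmin membership change, a created or renamed database whose name falls outside a naming policy, and a database that is not in the known inventory. The naming policy, the inventory and the sample records are constructed for this example.

```python
"""Flag SQL Server audit events called out in the remediation guidance above:
sysadmin membership changes, database names outside policy, and databases
that are not in the known inventory. Sample records are constructed."""
import re
from typing import Dict, List, Tuple

# Naming policy assumed for this example: letters, digits and underscores, starting with a letter.
NAME_POLICY = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,63}$")
# Databases expected to exist (constructed inventory).
KNOWN_DATABASES = {"master", "model", "msdb", "tempdb", "OrdersProd", "ReportingDW"}

# A T-SQL identifier: [bracketed] (with ]] escapes), "quoted", or a bare word.
_IDENT = r'(\[(?:[^\]]|\]\])+\]|"[^"]+"|[^\s;(]+)'
SYSADMIN_CHANGE = re.compile(
    r"ALTER\s+SERVER\s+ROLE\s+\[?sysadmin\]?\s+ADD\s+MEMBER|sp_addsrvrolemember\b.*?sysadmin", re.I | re.S
)
CREATE_DB = re.compile(r"CREATE\s+DATABASE\s+" + _IDENT, re.I)
RENAME_DB = re.compile(r"MODIFY\s+NAME\s*=\s*" + _IDENT + r"|sp_renamedb\b[^,]*,\s*'([^']*)'", re.I)


def unquote(ident: str) -> str:
    """Strip [] or "" delimiters from a T-SQL identifier and undo the ]] escape."""
    if ident.startswith("[") and ident.endswith("]"):
        return ident[1:-1].replace("]]", "]")
    if ident.startswith('"') and ident.endswith('"'):
        return ident[1:-1]
    return ident


def analyze(records: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (event_time, rule, detail) for each record that trips a rule, in record order."""
    findings = []
    for r in records:
        stmt = r["statement"]
        if SYSADMIN_CHANGE.search(stmt):
            findings.append((r["event_time"], "sysadmin membership change", r["server_principal_name"]))
        names = []
        m = CREATE_DB.search(stmt)
        if m:
            names.append(unquote(m.group(1)))
        m = RENAME_DB.search(stmt)
        if m:
            names.append(unquote(m.group(1) or m.group(2)))
        for name in names:
            if not NAME_POLICY.match(name):
                findings.append((r["event_time"], "database name violates naming policy", name))
            elif name not in KNOWN_DATABASES:
                findings.append((r["event_time"], "database not in inventory", name))
    return findings


# Constructed records using the event_time, server_principal_name and statement
# columns of sys.fn_get_audit_file output.
SAMPLE_RECORDS = [
    {"event_time": "2025-11-13T08:01:12", "server_principal_name": "svc_orders",
     "statement": "SELECT TOP (10) * FROM dbo.Orders"},
    {"event_time": "2025-11-13T08:05:40", "server_principal_name": "dba_admin",
     "statement": "CREATE DATABASE ReportingDW"},
    {"event_time": "2025-11-13T08:07:03", "server_principal_name": "svc_orders",
     "statement": "CREATE DATABASE [tenant_42]"},
    {"event_time": "2025-11-13T08:07:19", "server_principal_name": "svc_orders",
     "statement": "CREATE DATABASE [rep;ort 1]"},
    {"event_time": "2025-11-13T08:09:55", "server_principal_name": "svc_orders",
     "statement": "ALTER SERVER ROLE [sysadmin] ADD MEMBER [svc_orders]"},
    {"event_time": "2025-11-13T08:12:30", "server_principal_name": "dba_admin",
     "statement": "ALTER DATABASE [tenant_42] MODIFY NAME = [tenant_42_old]"},
]

if __name__ == "__main__":
    for event_time, rule, detail in analyze(SAMPLE_RECORDS):
        print(f"{event_time}  {rule:<40} {detail}")
```

In production the records would come from the audit file or the SIEM that ingests it; the rules deliberately key on statement text rather than action_id codes so they also catch the legacy sp_addsrvrolemember and sp_renamedb procedures.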
How TPRM professionals can leverage Black Kite for this vulnerability
Black Kite’s MSSQL – Nov2025 FocusTag is designed to help TPRM teams quickly understand which vendors may be running SQL Server builds affected by CVE-2025-59499. Instead of manually surveying your entire vendor population, you can:
- Identify the subset of vendors with exposed or discoverable SQL Server assets that fall into the affected version ranges. Black Kite’s external intelligence—such as IP addresses and subdomains that resolve to SQL Server services—highlights where SQL Server is actually in use and at risk.
- Prioritize outreach and questionnaires for only those vendors tagged with MSSQL – Nov2025, reducing noise for both your team and vendors who are not exposed.
- Track remediation progress over time by monitoring when tagged vendors move their SQL Server instances to patched builds and by watching for tag expiration or updates.
- Integrate FocusTags into internal workflows, such as creating tickets in your risk register, triggering enhanced due-diligence steps for high-impact vendors, or flagging critical data-processing relationships where SQL Server is in scope.

Black Kite’s MSSQL - Nov2025 FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-59840 & CVE-2025-37734 (Elastic Kibana - Nov2025)
What are the SSRF and XSS vulnerabilities in Kibana?
Two vulnerabilities in Kibana (the visualization component of the Elastic Stack) are captured by this FocusTag:
- CVE-2025-59840 is rated HIGH (CVSS 8.7) and describes an improper input sanitization flaw in Kibana’s Vega visualization engine that enables DOM-based Cross-Site Scripting (XSS). According to the tag text, the EPSS is 0.05%.
- CVE-2025-37734 is rated MEDIUM (CVSS 4.3) and is a Server-Side Request Forgery (SSRF) vulnerability triggered by a forged “Origin” HTTP header processed via the Observability AI Assistant feature in Kibana. The EPSS for this one is 0.02%.
Discovery and publication:
- The FocusTag date is 2025-11-13, indicating very recent discovery or disclosure.
- No public proof-of-concept exploits have been reported for either vulnerability per the tag text.
- These vulnerabilities are not listed in Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities (KEV) catalog.
- Affected versions: Kibana prior to 8.19.7, 9.1.7 and 9.2.1 (i.e., all versions up to 8.19.6, 9.1.6 and 9.2.0 respectively).
- Although public exploitation is not documented yet, the presence of SSRF or XSS in a widely-used visualization tool means the potential for data leakage or browser-based compromise is non-trivial.
In summary: while the SSRF (CVE-2025-37734) has a lower score and may appear less immediately dangerous, the XSS via Vega engine (CVE-2025-59840) presents a significant risk (CVSS 8.7) because it enables malicious JavaScript execution in user browsers and potentially pivots to further compromise.
Why should TPRM professionals care about these Kibana vulnerabilities?
From a third-party risk perspective, Kibana is frequently used by vendors and service providers to present dashboards, analytics and logs – including for your organization’s data. If a vendor’s deployment of Kibana is vulnerable:
- The XSS vulnerability (CVE-2025-59840) means an attacker could embed malicious scripts in dashboards or visualizations, and thereby compromise sessions of administrators or users who interact with those dashboards. That can lead to session hijacking, credential theft, or pivoting into other systems.
- The SSRF vulnerability (CVE-2025-37734) allows the server component to fetch internal resources or transmit sensitive data to an attacker-controlled endpoint if mis-configured. This can bypass network segmentation or expose internal assets that should have been shielded.
- Because Kibana is often tied to logging, monitoring, alerting and sometimes re-exposing backend data, a successful compromise may allow attackers to manipulate or hide indicators of compromise, tamper with logs, or use the vendor’s dashboards as a staging area for malicious payloads.
- From a TPRM lens, even if your vendor’s hosted application is unaffected, if they use Kibana for any part of their infrastructure (including internal operations), you must consider whether your data, dashboards or integrated logging flows run through vulnerable instances.
Given that both vulnerabilities affect versions that many vendors may still be running — especially in self-hosted or legacy environments — these exposures should surface in third-party questionnaires, vendor audits and risk-tiering frameworks.
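The SSRF described above follows a general pattern: a server builds an outbound request from a client-controlled Origin header. As an added example (not Kibana’s code, and not a description of how Kibana’s Observability AI Assistant handles the header), the following Python shows that pattern next to its hardened form, in which the header is canonicalised, compared against a configured allow-list of origins the deployment is actually served from, and the allow-list entry rather than the raw header is what ends up in the URL. The allowed-origin value and the inputs are constructed for this example.

```python
"""Origin-header validation: the vulnerable pattern beside a canonicalising allow-list check."""
from typing import Optional, Set
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Origins the deployment is actually served from (constructed example value).
ALLOWED_ORIGINS: Set[str] = {"https://kibana.example.test"}


def canonical_origin(value: Optional[str]) -> Optional[str]:
    """Return 'scheme://host[:port]' for a well-formed origin, or None for anything else.

    Rejects the opaque 'null' origin, userinfo, paths, queries, fragments and unknown
    schemes; lower-cases scheme and host and drops default ports so that
    'HTTPS://KIBANA.EXAMPLE.TEST:443' and 'https://kibana.example.test' compare equal.
    """
    if not value or value.strip().lower() == "null":
        return None
    parts = urlsplit(value.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # non-numeric or out-of-range port
        return None
    host = parts.hostname  # already lower-cased by urlsplit
    return f"{scheme}://{host}" if port == DEFAULT_PORTS[scheme] else f"{scheme}://{host}:{port}"


def origin_allowed(header: Optional[str], allowed: Set[str] = ALLOWED_ORIGINS) -> bool:
    """True only if the header canonicalises to an allow-listed origin."""
    origin = canonical_origin(header)
    return origin is not None and origin in allowed


def callback_url_unsafe(origin_header: str, path: str) -> str:
    """Vulnerable pattern: whatever the client sent becomes the base of a server-side request."""
    return origin_header.rstrip("/") + path


def callback_url_safe(origin_header: str, path: str, allowed: Set[str] = ALLOWED_ORIGINS) -> str:
    """Hardened pattern: refuse anything that is not an allow-listed origin, and build the
    URL from the canonical allow-list value rather than from the raw header bytes."""
    origin = canonical_origin(origin_header)
    if origin is None or origin not in allowed:
        raise PermissionError(f"Origin {origin_header!r} is not an allowed origin")
    return origin + path


if __name__ == "__main__":
    for header in ("https://kibana.example.test:443", "HTTPS://KIBANA.EXAMPLE.TEST",
                   "https://kibana.example.test.attacker.test", "https://user@kibana.example.test", "null"):
        print(f"{header!r:<50} allowed={origin_allowed(header)}")
```

The lookalike host, the userinfo trick and the opaque null origin are the cases a naive string prefix check gets wrong; canonicalising first and comparing whole origins closes them. Where a product already knows its own public address from configuration, using that value and ignoring the header entirely is simpler still.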
What questions should TPRM professionals ask vendors about these vulnerabilities?
Here are some focused questions you can pose to affected vendors:
- Have you upgraded all instances of Kibana to versions 8.19.7, 9.1.7, or 9.2.1 to mitigate the risk of CVE-2025-37734 and CVE-2025-59840?
- If you are unable to upgrade immediately, have you disabled Vega visualizations by setting `vis_type_vega.enabled: false` in the configuration file as an interim mitigation measure against CVE-2025-59840?
- Can you confirm if you have taken measures to prevent Server-Side Request Forgery (SSRF) vulnerability, specifically related to the Observability AI Assistant in Kibana, as outlined in CVE-2025-37734?
- Have you implemented any additional security measures to prevent data exfiltration or arbitrary JavaScript execution, specifically in relation to the vulnerabilities identified in CVE-2025-37734 and CVE-2025-59840?
Remediation recommendations for vendors subject to this risk
To mitigate these exposures, vendors should undertake the following actions:
- Upgrade Kibana immediately to at least version 8.19.7, 9.1.7 or 9.2.1 (or later) to cover both vulnerabilities as listed in the FocusTag.
- Disable risky features where immediate patching isn’t possible: for instance, disable the Vega visualization engine via `vis_type_vega.enabled: false` in kibana.yml (Vega-based chart features will be unavailable, but the risk is reduced). Also evaluate disabling the Observability AI Assistant if it is not needed.
- Harden access to the Kibana UI: restrict dashboard access to trusted administrative networks, enforce strong authentication (MFA), review privilege assignments (minimise dashboard editing privileges), and ensure session cookies and XSS protections (CSP, secure flags) are in place.
- Audit dashboard visualizations and code: review all custom dashboards, plugins or Visual Vega charts for untrusted input paths, remove or sanitize any user-supplied content in dashboard widgets, ensure there is no uncontrolled user upload of visualisation scripts.
- Monitor logging and alerting: ensure ingestion of Kibana access logs, monitor for unusual patterns (e.g., large numbers of fetches internal to the server, changed dashboards, new visualisations that embed scripts), and set alerts for significant events.
How TPRM professionals can leverage Black Kite for this vulnerability
The FocusTag Elastic Kibana – Nov2025 is a tool for TPRM teams to triage which vendors may be at risk. With it you can:
- Identify vendors in your ecosystem whose external-facing assets or known internal deployments include Kibana versions in the vulnerable range. Black Kite’s intelligence may surface IPs or subdomain mappings of vendors running Kibana.
- Prioritize vendor outreach: only vendors matching the “Kibana version < 8.19.7 or < 9.1.7/9.2.1” and using Vega or Observability AI Assistant features need full escalations, thus reducing questionnaire fatigue.
- Track remediation progress: you can tag vendor responses and correlate with Black Kite’s monitoring to see when builds are upgraded, Vega disabled, or network protections improved.
- Automate workflow integration: when a vendor is flagged by the FocusTag, trigger a workflow (e.g., vendor risk tier refresh, questionnaire additional controls, escalation to vendor management) and mark the vendor for follow-up.

Black Kite’s Elastic Kibana - Nov2025 FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-64459 & CVE-2025-64458 (Django - Nov2025)
What are the SQL Injection and DoS vulnerabilities affecting Django?
CVE-2025-64459 is a high-severity SQL Injection vulnerability in Django’s ORM, affecting commonly used query methods such as QuerySet.filter(), exclude(), get(), and the Q() object when used with dictionary expansion via the `_connector` keyword. Because the contents of `_connector` can influence SQL expression construction, improper sanitization allows attackers to inject crafted SQL fragments. If exploited, this flaw enables unauthorized database manipulation — including data exposure, modification, or deletion — depending on the application’s permission model and the underlying database configuration.
CVE-2025-64458 is a Denial-of-Service vulnerability impacting Django deployments running on Windows systems. The issue stems from inefficient NFKC Unicode normalization within Python, making redirect-related functions — HttpResponseRedirect, HttpResponsePermanentRedirect, and redirect() — vulnerable to excessive CPU consumption. An attacker supplying URLs containing extremely large volumes of Unicode characters can significantly degrade application performance or cause service disruption.
Both vulnerabilities were disclosed on November 5, 2025, within the Django security advisory. There is no public Proof-of-Concept, nor any indication of active exploitation. Neither CVE appears in CISA’s KEV catalog at the time of publication, and no related U.S. government advisories have been issued.
Why should TPRM professionals pay attention to these Django vulnerabilities?
Django is widely deployed across SaaS providers, customer portals, authentication systems, and API-driven platforms. A SQL injection flaw in such environments introduces cross-vendor risks due to the potential for unauthorized database access. Depending on the vendor’s architecture, exploitation could expose sensitive records, compromise business logic, or enable attackers to escalate privileges within backend services.
For organizations whose vendors run Django applications on Windows infrastructure, the DoS vulnerability raises operational concerns. A crafted URL could cause severe resource exhaustion, resulting in stalled services, failed transactions, or outages across customer-facing platforms. In ecosystems where Django forms part of critical workflows — such as financial platforms, healthcare applications, or identity systems — these vulnerabilities warrant immediate attention.
What questions should TPRM professionals ask vendors regarding these Django vulnerabilities?
Before accepting vendor assurances, TPRM teams should request clarity on technical exposure and mitigation steps. Consider asking:
- Have you upgraded your Django installations to the patched versions 5.2.8, 5.1.14, or 4.2.26 to mitigate the potential risks posed by the SQL injection vulnerability (CVE-2025-64459) and the Denial-of-Service vulnerability (CVE-2025-64458)?
- Are you monitoring the performance of your Django applications running on Windows hosts for unusual CPU spikes associated with HTTP redirect handling, which could indicate a Denial-of-Service attack as per CVE-2025-64458?
- For applications leveraging `QuerySet.filter()`, `QuerySet.exclude()`, `QuerySet.get()`, and the `Q()` class with dictionary expansion via the `_connector` keyword, have you implemented measures to sanitize all arguments' contents to prevent SQL injection attempts as per CVE-2025-64459?
- If you are using the Django main branch or 6.0 beta, have you ensured that the latest security updates released by the Django Software Foundation are applied to mitigate the risks of CVE-2025-64459 and CVE-2025-64458?
Remediation recommendations for vendors subject to this risk
Vendors using Django should take immediate action to minimize exposure:
- Upgrade to patched versions of Django (5.2.8, 5.1.14, or 4.2.26), or apply the latest updates if running the main branch or Django 6.0 beta.
- Audit ORM usage, especially where _connector keyword arguments or dynamically constructed queries are used, ensuring strict sanitization of all dictionary-expanded input.
- Enable performance monitoring for Windows deployments to detect abnormal CPU consumption associated with redirect functions.
- Harden database access controls, limiting the blast radius of any attempted SQL injection by restricting user permissions and ensuring principle-of-least-privilege configuration.
- Review URL-handling logic and consider rate-limiting or input-limiting mechanisms to prevent resource exhaustion.
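The ORM audit recommended above can be partly automated. The following added example (not Django’s code and not from the Django advisory) does two things: a static pass that parses Python source and lists every `.filter()`, `.exclude()`, `.get()` or `Q()` call that expands a non-literal mapping with `**`, which is exactly where an externally influenced dictionary could carry a `_connector` key; and a small runtime guard that allow-lists the lookup names a view may forward into the ORM and refuses any ORM-internal key. The sample source file, the allow-list and the function names are constructed for this example, and the static pass runs without Django installed.

```python
"""Audit helpers for dictionary expansion into Django ORM calls (example code, not Django's)."""
import ast
from typing import Dict, Iterable, List, Tuple

ORM_METHODS = {"filter", "exclude", "get"}


def _is_literal_mapping(node: ast.AST) -> bool:
    """True for a dict literal whose keys are all constants; such expansions cannot carry user keys."""
    return isinstance(node, ast.Dict) and all(isinstance(k, ast.Constant) for k in node.keys)


def find_dynamic_orm_expansions(source: str, filename: str = "<string>") -> List[Tuple[int, str]]:
    """Return (line, callee) for every .filter()/.exclude()/.get() or Q() call that expands a
    non-literal mapping with **. Any object with those method names is reported, so expect
    some false positives; the list is a review queue, not a verdict."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr in ORM_METHODS:
            callee = f".{func.attr}()"
        elif isinstance(func, ast.Name) and func.id == "Q":
            callee = "Q()"
        else:
            continue
        # keyword.arg is None for a **mapping argument
        if any(kw.arg is None and not _is_literal_mapping(kw.value) for kw in node.keywords):
            hits.append((node.lineno, callee))
    return sorted(hits)


def safe_lookup_kwargs(user_kwargs: Dict[str, object], allowed_lookups: Iterable[str]) -> Dict[str, object]:
    """Keep only allow-listed lookup names; refuse ORM-internal keys such as _connector or _negated.

    Call this on any mapping derived from request data before writing **mapping into the ORM."""
    allowed = set(allowed_lookups)
    clean: Dict[str, object] = {}
    for key, value in user_kwargs.items():
        if key.startswith("_"):
            raise ValueError(f"refusing ORM-internal keyword {key!r}")
        if key not in allowed:
            raise ValueError(f"lookup {key!r} is not an allowed filter")
        clean[key] = value
    return clean


# Constructed view module used as the audit target.
SAMPLE_SOURCE = """\
from django.db.models import Q
def search(request, Article):
    params = dict(request.GET.items())
    qs = Article.objects.filter(**params)
    safe = Article.objects.filter(title__icontains=params.get("q", ""))
    cond = Q(**params) | Q(published=True)
    return qs.exclude(**{"status": "draft"}), safe, cond
"""

if __name__ == "__main__":
    for line, callee in find_dynamic_orm_expansions(SAMPLE_SOURCE, "views.py"):
        print(f"views.py:{line}: {callee} expands a non-literal mapping; review its source")
    print(safe_lookup_kwargs({"title__icontains": "django"}, ["title__icontains", "published"]))
```

Running the static pass over a real code base is a matter of feeding each file’s text to `find_dynamic_orm_expansions`; the guard belongs in the view or serializer layer, so that the mapping reaching the ORM contains only the lookups the application intended to expose.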
How can TPRM professionals leverage Black Kite for these Django vulnerabilities?
Black Kite published the Django – Nov2025 Focus Tag on November 7, 2025, allowing organizations to identify which vendors may be operating vulnerable Django versions or hosting exposed infrastructure. The platform correlates technology fingerprinting with publicly accessible assets, enabling teams to determine whether any vendor has internet-facing systems at risk due to these vulnerabilities.
TPRM teams can use the Focus Tag to:
- Quickly identify vendors using affected Django versions.
- Prioritize outreach to vendors with public-facing Django applications.
- Obtain IP addresses, domains, and subdomains tied to vulnerable deployments.
- Track remediation progress as vendors apply patches or reconfigure affected services.

Black Kite’s Django - Nov2025 FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-64495 (Open WebUI)
What is the vulnerability in Open WebUI?
The vulnerability identified as CVE-2025-64495 is a stored DOM-based Cross-Site Scripting (XSS) flaw in the open-source platform Open WebUI (versions ≤ 0.6.34). The issue arises when the “Insert Prompt as Rich Text” feature is enabled: the prompt content is inserted into the DOM via .innerHTML without proper sanitization.
- Severity level: High (CVSS 3.1 base score 8.7)
- EPSS: 0.03% (as per the FocusTag text)
- When published: The vulnerability was publicly disclosed on or around November 8, 2025.
- Exploited in the wild? Proof-of-Concept (PoC) exploits are available. However, there is no documented campaign or threat actor activity publicly attributed as of now.
- CISA’s KEV Catalog: It is not listed in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog. FocusTag text confirms this.
- Advisory from CISA: No specific advisory by CISA appears to be published for this CVE at this time.
Key impact details:
- Any user with permission to create prompts in Open WebUI and with the “Insert Prompt as Rich Text” feature enabled can craft a malicious prompt containing HTML/JavaScript payloads that persist. When another user runs the corresponding /command to pull in that prompt, the payload executes in their browser context.
- Because Open WebUI supports administrative functions (for example Python “Functions” modules per PoC write-ups), the DOM XSS can escalate: a compromised admin user may execute backend code, leading to Remote Code Execution (RCE) or full account takeover (ATO) of the platform.
- Affected versions: Open WebUI versions ≤ 0.6.34. The fix is available in version 0.6.35.
Why should TPRM professionals care about CVE-2025-64495?
From a third-party risk management (TPRM) standpoint, this vulnerability is particularly noteworthy because Open WebUI is often used by vendors or service providers for internal AI/LLM chat interfaces, prompt libraries and collaboration tooling. The implications for your vendor ecosystem include:
- A malicious actor exploiting this vulnerability could take over a user account in the vendor’s environment, which may have access to sensitive dashboards, data or connections to your systems.
- If the vendor uses Open WebUI for shared services, internal knowledge bases, or partner-facing applications, this XSS + RCE chain could enable an attacker to deploy backdoors, exfiltrate data, or impersonate the vendor, thereby affecting the trust boundary with your organization.
- Because the vulnerability is exploitable (PoC exists) and requires relatively low privileges (prompt creation rights) combined with a configuration setting (“Insert Prompt as Rich Text”), the risk is not purely theoretical.
- In TPRM frameworks, this vulnerability should trigger heightened scrutiny of vendors that rely on Open WebUI (or similar tools), especially if they host any external-facing prompt portals or allow multiple users to create custom prompt content.
By proactively identifying vendors with this exposure, you can reduce the chance that one such compromised vendor introduces risk into your supply chain or data environment.
What questions should TPRM professionals ask vendors about this vulnerability?
Here are focused questions you can include in your vendor-risk questionnaire or audit for vendors using Open WebUI:
- Can you confirm if you have upgraded your Open WebUI installation to version 0.6.35 or later to mitigate the risk of CVE-2025-64495?
- Have you reviewed and restricted user permissions to ensure that only trusted users have the necessary permissions to create and manage custom prompts within Open WebUI?
- Have you disabled the “Insert Prompt as Rich Text” feature in Open WebUI as a temporary mitigation measure against the Stored DOM XSS vulnerability (CVE-2025-64495)?
- Can you confirm if you have implemented any additional security measures to prevent the injection of arbitrary HTML or JavaScript into the chat window via the 'Insert Prompt as Rich Text' setting in Open WebUI?
Remediation recommendations for vendors subject to this risk
To reduce risk from CVE-2025-64495, vendors should adopt the following mitigation steps:
- Upgrade immediately to Open WebUI version 0.6.35 or newer for all environments—production, staging, user-facing, internal.
- Disable the “Insert Prompt as Rich Text” feature if immediate upgrade is not possible; this acts as a stop-gap while the patch is deployed. (Noted in the FocusTag text)
- Limit prompt-creation permissions: restrict the set of users who can create or modify prompts to a trusted group, and review which roles have “prompt builder” rights.
- Review prompt libraries: perform a one-time audit of all existing stored prompts, especially those created by non-admin users or external parties, for embedded HTML/JavaScript content anomalies.
- Monitor for unexpected behavior: implement logging/alerts for unusual prompt creation, prompt execution commands by users who do not typically use them, and detection of abnormal administrative actions triggered via the Open WebUI “Functions” or API endpoints.
- Segment and isolate admin interfaces: ensure the Open WebUI admin or prompt management interfaces are not publicly exposed or accessible without appropriate network segmentation, multi-factor authentication (MFA) and role-based access control (RBAC).
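The prompt-library audit and monitoring steps above, as an added Python example that is not Open WebUI's or Black Kite's code: it scans an exported prompt list for active HTML elements, inline event handlers and javascript: URIs, and ranks findings so prompts authored by non-admin users come first. The export field names and the sample prompts are assumptions constructed for the example.

```python
"""Audit exported Open WebUI prompts for embedded HTML/JavaScript.
Added example, not Open WebUI or Black Kite code. Assumes prompts were exported
as a JSON list of objects with "command", "user_id" and "content" keys
(an assumption; adapt the keys to your export format)."""
import json
import re

# Markup a defender flags in a prompt that is supposed to be plain text.
HTML_TAG = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
ACTIVE = re.compile(
    r"<\s*(script|iframe|object|embed|svg|img|link|meta|style)\b"  # loading/active elements
    r"|\bon[a-z]+\s*=",                                           # inline event handlers
    re.IGNORECASE)
JS_URI = re.compile(r"javascript\s*:", re.IGNORECASE)

def classify_prompt(prompt: dict) -> dict:
    """Return one finding: which patterns matched and a severity for triage."""
    content = prompt.get("content", "")
    reasons = []
    if ACTIVE.search(content):
        reasons.append("active-element-or-event-handler")
    if JS_URI.search(content):
        reasons.append("javascript-uri")
    if not reasons and HTML_TAG.search(content):
        reasons.append("html-markup")  # plain tags: lower priority, still review
    severity = "none" if not reasons else ("low" if reasons == ["html-markup"] else "high")
    return {"command": prompt.get("command"), "user_id": prompt.get("user_id"),
            "severity": severity, "reasons": reasons}

def audit_prompts(exported_json: str, admin_ids: set) -> list:
    """Scan every prompt; findings by non-admin authors and of high severity sort first."""
    findings = [classify_prompt(p) for p in json.loads(exported_json)]
    flagged = [f for f in findings if f["severity"] != "none"]
    flagged.sort(key=lambda f: (f["user_id"] in admin_ids, f["severity"] != "high"))
    return flagged

# Constructed sample export; not data from a real Open WebUI instance.
SAMPLE_EXPORT = json.dumps([
    {"command": "/summarize", "user_id": "admin-1",
     "content": "Summarize the following text in three bullet points."},
    {"command": "/bold", "user_id": "user-7", "content": "Reply in <b>bold</b> only."},
    {"command": "/helper", "user_id": "user-9",
     "content": "Hello <img src=x onerror=\"alert(1)\"> world"},
])

if __name__ == "__main__":
    for finding in audit_prompts(SAMPLE_EXPORT, {"admin-1"}):
        print(finding)
```

Feeding the same classifier new prompt records as they are created gives the "unusual prompt creation" alert the monitoring step calls for.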
How TPRM professionals can leverage Black Kite for this vulnerability
The FocusTag Open WebUI gives TPRM teams a way to identify which vendors may be exposed to CVE-2025-64495. By leveraging Black Kite’s capabilities:
- You can discover vendor assets where Open WebUI is in use (e.g., via subdomains, fingerprints, user-agent scans) and narrow the vendor population down to those running version 0.6.34 or earlier, or those with the “Insert Prompt as Rich Text” feature enabled.
- You can prioritize vendor follow-up: vendors tagged with this flag should be contacted with the specific questions and remediation actions above, while vendors without the flag may not need follow-up as urgently, reducing questionnaire fatigue.
- You can track remediation progress: when vendors report an upgrade to 0.6.35 or later, or that the risky feature has been disabled, Black Kite can update scoring and risk tiers accordingly.
- You can embed into workflows: Use the tag as a trigger in your vendor-risk management platform to raise tasks, assign owners, monitor deadlines, and escalate if vendor remediation is delayed or incomplete.

Black Kite’s Open WebUI FocusTag™ details critical insights on the event for TPRM professionals.
ENHANCING THIRD-PARTY RISK MANAGEMENT WITH BLACK KITE’S FOCUSTAGS™
As cyber threats continue to evolve, organizations increasingly rely on tools that convert complex vulnerability data into actionable intelligence. Black Kite’s FocusTags™ provide this essential capability by highlighting which vendors in your ecosystem are potentially exposed to significant vulnerabilities — such as this week’s issues in SharePoint, MSSQL, Kibana, Django, and Open WebUI.
FocusTags™ support TPRM programs by delivering:
Real-Time Exposure Identification : They immediately pinpoint which vendors may be running affected technologies or software versions. This accelerates your assessment process and ensures that the right teams receive targeted follow-ups.
Impact-Driven Prioritization : Not all vulnerabilities carry equal risk. FocusTags™ help rank vendors based on the severity of the vulnerability and the criticality of their role within your supply chain, enabling more strategic allocation of remediation resources.
More Effective Vendor Engagement : Instead of broad, generic questionnaires, TPRM teams can initiate highly specific, technically informed conversations with vendors about their exposure to vulnerabilities like the SharePoint RCE, MSSQL SQL injection, Kibana SSRF/XSS, Django ORM issues, or Open WebUI stored DOM-XSS.
Improved Supply-Chain Security Posture : With visibility into both public-facing assets and technology fingerprints, FocusTags™ provide organizations with a fuller understanding of how vulnerabilities propagate across complex vendor ecosystems. This empowers risk teams to advance from reactive triage to proactive, intelligence-driven security oversight.
By integrating FocusTags™ into TPRM workflows, organizations gain a decisive advantage — transforming raw vulnerability disclosures into structured vendor actions and strengthening defenses across their entire third-party landscape.
ABOUT FOCUS FRIDAY
Every week, we delve into the realms of critical vulnerabilities and their implications from a Third-Party Risk Management (TPRM) perspective. This series is dedicated to shedding light on pressing cybersecurity threats, offering in-depth analyses, and providing actionable insights.
FOCUSTAGS™ IN THE LAST 30 DAYS:
- Microsoft SharePoint - Nov2025 : CVE-2025-62204, Deserialization of Untrusted Data Vulnerability, Remote Code Execution Vulnerability in Microsoft Office SharePoint.
- MSSQL - Nov2025 : CVE-2025-59499, Improper Neutralization of Special Elements in SQL Commands, SQL Injection Vulnerability, Privilege Escalation Vulnerability in Microsoft SQL Server.
- Elastic Kibana - Nov2025 : CVE-2025-37734, CVE-2025-59840, Server-Side Request Forgery (SSRF) Vulnerability, DOM-based Cross-site Scripting (XSS) Vulnerability, Improper Input Validation Vulnerability in Elastic Kibana.
- Django - Nov2025 : CVE-2025-64459, CVE-2025-64458, SQL Injection Vulnerability, Denial-of-Service Vulnerability, Improper Input Validation Vulnerability in the Django Web Framework.
- Open WebUI - Nov2025 : CVE-2025-64495, Stored DOM XSS Vulnerability, Account Takeover Vulnerability, Remote Code Execution Vulnerability in Open WebUI.
- MOVEit - Oct2025 : CVE-2025-10932, Uncontrolled Resource Consumption Vulnerability, Denial of Service Vulnerability in Progress MOVEit Transfer.
- Redis - Nov2025 : CVE-2025-62507, Improper Input Validation Vulnerability, Stack-based Buffer Overflow Vulnerability, Remote Code Execution Vulnerability in Redis.
- Control Web Panel (CWP) : CVE-2025-48703, Remote Code Execution Vulnerability, OS Command Injection Vulnerability in CentOS Control Web Panel.
- DNN Software - Oct2025 : CVE-2025-64095, Improper Access Control Vulnerability, Unrestricted Upload of File Vulnerability, Arbitrary File Write Vulnerability, Remote Code Execution Vulnerability, Cross-site Scripting Vulnerability in DNN Software.
- XWiki Platform : CVE-2025-24893, Remote Code Execution Vulnerability in XWiki Platform.
- MikroTik RouterOS & SwOS : CVE-2025-61481, Arbitrary Code Execution Vulnerability, Man-in-the-Middle (MITM) Attack Vulnerability in MikroTik RouterOS & SwOS.
- Apache Tomcat - Oct2025 : CVE-2025-55752, CVE-2025-55754, CVE-2025-61795, Remote Code Execution, Authorization Bypass, Path Traversal, File Upload, Improper Neutralization of Escape, Meta, or Control Sequences, Improper Resource Shutdown or Release, Improper Input Validation, Authentication Bypass, Denial of Service Vulnerabilities in Apache Tomcat.
- Vault - Oct2025 : CVE-2025-12044, CVE-2025-11621, Denial of Service, Allocation of Resources Without Limits or Throttling, Authentication Bypass, Improper Authentication Vulnerabilities in Vault.
- LiteSpeed - Oct2025 : CVE-2025-12450, Cross-site Scripting (XSS) Vulnerability in LiteSpeed.
- Samba Server : CVE-2025-10230, Remote Code Execution Vulnerability in Samba servers.
- Atlassian Jira - Oct2025 : CVE-2025-22167, CVE-2025-58057, CVE-2025-58056, CVE-2025-7962, CVE-2025-48989, Path Traversal, Arbitrary File Write, Remote Code Execution (RCE), Denial of Service (DoS), Request Smuggling, SMTP Injection, Improper Resource Shutdown or Release (MadeYouReset DDoS) vulnerabilities in Atlassian Jira Software and Jira Service Management.
- TP-Link Omada Gateways : CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, CVE-2025-7851, OS Command Injection vulnerabilities and Unauthorized Root Access via Debug Functionality in TP-Link Omada Gateways.
- MinIO - Oct2025 : CVE-2025-62506, Privilege Escalation Vulnerability in MinIO servers.
- Squid Proxy - Oct2025 : CVE-2025-62168, Information Disclosure Vulnerability in Squid Proxy.
- Sauter EY-modulo : CVE-2025-41723, CVE-2025-41724, CVE-2025-41722, CVE-2025-41721, CVE-2025-41720, CVE-2025-41719, Improper Validation of Syntactic Correctness of Input Vulnerability, Denial of Service Vulnerability, Use of Hard-coded Credentials Vulnerability, Reliance on File Name or Extension of Externally-Supplied File Vulnerability, Command Injection Vulnerability in Sauter EY-modulo.
- F5 BIG-IP APT Risk : CVE-2025-53868, CVE-2025-60016, CVE-2025-48008, CVE-2025-59781, CVE-2025-61951, CVE-2025-46706, CVE-2025-53856, CVE-2025-61974, CVE-2025-58071, CVE-2025-61990, CVE-2025-58096, CVE-2025-59481, CVE-2025-61958, CVE-2025-59269, CVE-2025-58153, CVE-2025-59483, CVE-2025-59268, CVE-2025-54755, CVE-2025-58424, Command Injection, Denial of Service (DoS), Out-of-bounds Read/Write, Use-After-Free, Resource Exhaustion, Memory Leak, Privilege Escalation, Authentication Bypass, Arbitrary File Write / File Upload, Cross-Site Scripting (XSS), Information Disclosure, Path Traversal, Exposure of Sensitive Information vulnerabilities in F5 BIG-IP (TMM, iControl REST, tmsh, Configuration Utility, IPsec, SSL/TLS profiles, DNS cache, iRules, ePVA, etc.), BIG-IP Next (SPK, CNF, Kubernetes).
- Exchange Server - Oct2025: CVE-2025-59248, CVE-2025-59249, CVE-2025-53782, Spoofing Vulnerability, Elevation of Privilege Vulnerability, and Arbitrary Code Execution Vulnerability in Microsoft Exchange Server.
- Microsoft SharePoint - Oct2025: CVE-2025-59228, CVE-2025-59237, Remote Code Execution vulnerabilities in Microsoft SharePoint.
See Black Kite’s full CVE Database and the critical TPRM vulnerabilities that have an applied FocusTag™ at https://blackkite.com/cve-database/.
REFERENCES
https://nvd.nist.gov/vuln/detail/CVE-2025-62204
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62204
https://nvd.nist.gov/vuln/detail/CVE-2025-59499
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59499
https://securityonline.info/elastic-patches-two-kibana-flaws-ssrf-cve-2025-37734-and-xss-cve-2025-59840-flaws-affect-multiple-versions/
https://discuss.elastic.co/t/kibana-8-19-7-9-1-7-9-2-1-security-update-esa-2025-25/383379
https://discuss.elastic.co/t/kibana-8-19-7-9-1-7-and-9-2-1-security-update-esa-2025-24/383381
https://securityonline.info/django-team-patches-high-severity-sql-injection-flaw-cve-2025-64459-and-dos-bug-cve-2025-64458-in-latest-security-update/
https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
https://nvd.nist.gov/vuln/detail/CVE-2025-64459
https://nvd.nist.gov/vuln/detail/CVE-2025-64458
https://github.com/open-webui/open-webui/security/advisories/GHSA-w7xj-8fx7-wfch
https://nvd.nist.gov/vuln/detail/CVE-2025-64495
https://security.snyk.io/vuln/SNYK-PYTHON-OPENWEBUI-13863429