Threat Intelligence, Vulnerability Management, AI/ML

OpenWebUI servers targeted for extensive cryptomining


Misconfigured instances of the widely used open-source OpenWebUI AI servers have been covertly compromised with cryptocurrency mining and credential-stealing malware as part of an attack campaign that has been underway since late 2024, Cybernews reports.

Threat actors have targeted internet-exposed OpenWebUI instances vulnerable to a technical-data-leaking flaw, tracked as CVE-2025-63391, using malicious Python scripts that delivered cryptominers and infostealing payloads, according to Cybernews researchers. While earlier malware variants loaded the infostealer through a malicious Java archive file, attackers eventually built the data theft capabilities directly into the Python scripts.

Additional findings revealed that nearly all of the 12,000 online OpenWebUI servers, most of which were located in the U.S., China, and Germany, were susceptible to CVE-2025-63391, and almost 50% of the servers that lacked authentication were infected with the malware. Researchers said securing OpenWebUI instances requires enabling authentication, requiring admin approval for new signups, implementing IP whitelisting, and establishing monitoring pipelines that detect unauthorized "Tools" uploads and unpermitted models.
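The hardening steps the researchers list can be turned into a small check-and-monitor script. The example below is added here and is not code from SC Media, Cybernews or the OpenWebUI project: it audits a deployment's environment for the weak settings beside the hardened ones, then runs the recommended monitoring logic over a few audit events. The setting names WEBUI_AUTH, ENABLE_SIGNUP and DEFAULT_USER_ROLE are assumed OpenWebUI configuration variables, and the JSON event schema, usernames and addresses are constructed for the example rather than taken from any real log.

```python
import ipaddress
import json
import re

# Hardening checks. WEBUI_AUTH, ENABLE_SIGNUP and DEFAULT_USER_ROLE are assumed
# OpenWebUI setting names; the two environments below are constructed.
def audit_settings(env):
    """Return a list of findings for settings that leave an instance exposed."""
    findings = []
    if env.get("WEBUI_AUTH", "True").lower() != "true":
        findings.append("WEBUI_AUTH is off: instance is reachable without any login")
    if env.get("ENABLE_SIGNUP", "True").lower() == "true" and \
            env.get("DEFAULT_USER_ROLE", "pending").lower() != "pending":
        findings.append("open signup with auto-activated accounts: set "
                        "DEFAULT_USER_ROLE=pending so an admin must approve new users")
    return findings

WEAK_ENV = {"WEBUI_AUTH": "False", "ENABLE_SIGNUP": "True", "DEFAULT_USER_ROLE": "user"}
HARDENED_ENV = {"WEBUI_AUTH": "True", "ENABLE_SIGNUP": "False", "DEFAULT_USER_ROLE": "pending"}

# Constructed audit events. The field names are an assumed log schema for this
# example, not OpenWebUI's real audit format.
SAMPLE_EVENTS = [
    '{"ts":"2025-01-10T09:12:01Z","user":"alice","role":"admin","src_ip":"10.0.0.5",'
    '"action":"tool_upload","name":"weather","code":"import requests\\ndef run(city): return requests.get(city)"}',
    '{"ts":"2025-01-10T09:14:33Z","user":"newuser42","role":"user","src_ip":"198.51.100.77",'
    '"action":"tool_upload","name":"helper","code":"import subprocess, base64\\nsubprocess.Popen(base64.b64decode(PAYLOAD))"}',
    '{"ts":"2025-01-10T09:15:02Z","user":"newuser42","role":"user","src_ip":"198.51.100.77",'
    '"action":"model_create","name":"custom-miner"}',
    '{"ts":"2025-01-10T09:20:45Z","user":"alice","role":"admin","src_ip":"10.0.0.5",'
    '"action":"model_create","name":"llama3"}',
]

ALLOWED_MODELS = {"llama3", "mistral"}                 # models the instance may serve
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # IP whitelist for the admin UI
# Uploaded tool code runs server-side, so process, network and decoding
# primitives in a new tool are worth an analyst's review.
RISKY_CODE = re.compile(r"\b(subprocess|os\.system|base64\.b64decode|exec|eval|urllib|socket)\b")

def review_events(lines, allowed_models=ALLOWED_MODELS, allowed_nets=ALLOWED_NETS):
    """Return one alert dict per policy violation found in the audit lines."""
    alerts = []
    for line in lines:
        ev = json.loads(line)
        src = ipaddress.ip_address(ev["src_ip"])
        base = {"ts": ev["ts"], "user": ev["user"], "action": ev["action"]}
        if not any(src in net for net in allowed_nets):
            alerts.append({**base, "reason": f"source {src} outside IP whitelist"})
        if ev["action"] == "tool_upload":
            if ev["role"] != "admin":
                alerts.append({**base, "reason": "tool uploaded by non-admin account"})
            if RISKY_CODE.search(ev.get("code", "")):
                alerts.append({**base, "reason": "tool code contains process/network/decoding primitives"})
        elif ev["action"] == "model_create" and ev["name"] not in allowed_models:
            alerts.append({**base, "reason": f"model '{ev['name']}' not on the approved list"})
    return alerts

if __name__ == "__main__":
    for env_name, env in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(env_name, audit_settings(env) or "no findings")
    for alert in review_events(SAMPLE_EVENTS):
        print(alert)
```

Run stand-alone, the weak environment yields two findings and the hardened one none; the constructed events produce five alerts, all tied to the unapproved account uploading a tool from outside the whitelist and registering a model that is not on the approved list. The same functions can be fed a real deployment's environment and whatever audit export it produces once the field names are mapped to that schema.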
