OpenWebUI Servers Targeted for Extensive Cryptomining

OpenWebUI, a popular open‑source interface for large language models, has become a prime target for threat actors after a critical flaw—CVE‑2025‑63391—was disclosed. The vulnerability stems from inadequate authentication controls that allow unauthenticated users to upload arbitrary Python scripts. Since late 2024, attackers have scanned the public internet for exposed instances, exploiting the flaw to inject malicious code. Analysts estimate that roughly 12,000 servers across the United States, China, and Germany remain vulnerable, highlighting the rapid adoption of AI tooling without corresponding security hardening.

The compromised servers are being repurposed for illicit cryptocurrency mining and credential harvesting. Early malware versions delivered a Java archive that installed an infostealer, while newer payloads embed data‑theft routines directly within the Python backdoor, enabling continuous exfiltration of API keys and user credentials. Roughly half of the unauthenticated instances—about 6,000 machines—show signs of active mining, generating measurable hash power for botnet operators. The geographic spread amplifies risk, as compromised nodes can serve as footholds for further attacks on downstream enterprises that rely on these AI endpoints.

Mitigation hinges on immediate hardening of OpenWebUI deployments. Administrators should enable built‑in authentication, require admin approval for new user registrations, and enforce IP whitelisting to limit exposure. Continuous monitoring for unauthorized “Tools” uploads and unexpected model installations can flag compromise early, allowing rapid response. Vendors and the open‑source community are urged to release patches and improve default security settings, while organizations must incorporate AI‑service risk assessments into their broader cybersecurity frameworks. Proactive defenses will curb the cryptomining surge and protect sensitive data from future exploitation.