CVE-2025-64496

Five AI Security Tools Found What Curl Already Knew -- But Faster, and With Receipts

Julius, Augustus, Garak, Promptfoo, and AI-Infra-Guard run against the same Ollama target from the prequel -- same vulnerability, but structured bypass rates, named CVE matches, and repeatable test configs that survive a security review.

I Stood Up a Vulnerable AI Chatbot and Watched It Fall. CVE-2025-64496, Every Step.

Full attack chain against Open WebUI v0.6.33 -- from a chat message to root RCE, admin JWT forgery, and persistent backdoor. CVE-2025-64496 exploitation with every command and dead end documented.

Before You Can Break It, You Have to Build It Wrong

Deploy the intentionally vulnerable Open WebUI v0.6.33 + Ollama 0.1.33 lab stack on Debian 13 from scratch -- Docker, compose file, API account setup, and every gotcha for CVE-2025-64496 lab reproduction.