CVE-2025-63389

Critical CVSS: 9.8

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Vendor

Ollama

Product

Ollama

CWE

CWE-306

Yayın Tarihi

2025-12-18 16:15:54

Güncelleme

2026-01-22 18:16:43

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-306 Ollama CRITICAL Ollama 2025

Referanslar

https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd https://gist.github.com/Cristliu/b6f4d070fb27932f581be1aadc0923e7 https://github.com/ollama/ollama/issues

Benzer Kayıtlar

High

CVE-2025-66959

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

High

CVE-2025-66960

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function rea…

High

CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal mod…

Medium

CVE-2025-44779

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/…

Medium

CVE-2025-51471

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authen…

High

CVE-2025-1975

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by…