CVE-2025-1975

Published May 16, 2025

Last updated 8 months ago

CVSS high 7.5

Overview

Description
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
Source
security@huntr.dev
NVD status
Analyzed
Products
ollama

Risk scores

CVSS 3.0

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security@huntr.dev
CWE-129

Social media

Hype score
Not currently trending

  1. [1day1line] CVE-2025-1975: Denial of Service (DoS) Vulnerability due to Ollama's Lack of Array Index Verification https://t.co/MZVsjAcVPc The vulnerability I studied today is the DoS vulnerability that occurs when the Ollama server handles pull requests. As Pwn2Own has added AI

    @hackyboiz

    7 Jul 2025

    1002 Impressions

    3 Retweets

    15 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-1975 A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a… https://t.co/ERkcL37Ebj

    @CVEnew

    17 May 2025

    164 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadataCVE-2025-66960
  2. An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoderCVE-2025-66959
  3. Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.CVE-2025-15514
  4. A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.CVE-2025-63389
  5. An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.CVE-2025-44779

References

Sources include official advisories and independent security research.