CVE-2025-63389

Published Dec 18, 2025

Last updated 5 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-63389 describes an authentication bypass vulnerability found in the API endpoints of the Ollama platform, specifically in versions up to and including v0.12.3. This flaw stems from a lack of proper authentication mechanisms on critical API endpoints. As a result, remote attackers can exploit this vulnerability to interact with the Ollama API without providing credentials, enabling them to perform unauthorized model management operations such as creating, deleting, or modifying models.

Description: A critical authentication bypass vulnerability exists in the Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.
Source: cve@mitre.org
NVD status: Modified
Products: ollama

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-306
