CVE-2025-66959

Published Jan 21, 2026

Last updated 2 months ago

CVSS high 7.5

Overview

Description
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
Source
cve@mitre.org
NVD status
Analyzed
Products
ollama

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-20

Social media

Hype score
Not currently trending

  1. My first two CVEs(CVE-2025-66959, CVE-2025-66960) discovered in Ollama have been published. Just audit my eyes👀 https://t.co/1A5I7Cm9f5

    @desckimh

    8 Feb 2026

    2561 Impressions

    3 Retweets

    44 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-66959 Denial of Service Vulnerability in Ollama v0.12.10 GGUF Decoder https://t.co/yho6mMCuwr

    @VulmonFeeds

    21 Jan 2026

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-66959 An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder https://t.co/V9z1lREoMF

    @CVEnew

    21 Jan 2026

    167 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadataCVE-2025-66960
  2. Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.CVE-2025-15514
  3. A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.CVE-2025-63389
  4. An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.CVE-2025-44779
  5. A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.CVE-2025-1975

References

Sources include official advisories and independent security research.