PT-2025-52239 · Ollama · Ollama
Cristliu · Published 2025-12-18 · Updated 2026-06-04 · CVE-2025-63389
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ollama versions prior to 0.12.3
Description
A critical issue allows attackers to bypass authentication in the Ollama platform. The platform exposes API endpoints without authentication requirements, allowing remote attackers to perform unauthorized model management operations.
Recommendations
Update to a version later than 0.12.3.
Fix
Improper Access Control
Missing Authentication
Related Identifiers
Affected Products
Ollama