PT-2026-3790 · Ollama · Ollama
Published: 2026-01-21 · Updated: 2026-02-08
CVE-2025-66960
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Ollama versions prior to 0.12.10
Description
An issue exists in the readGGUFV1String() function within the Ollama large language model (LLM) launch and management system. Insufficient input validation in this function can allow a remote attacker to cause a denial of service. The issue resides in the fs/ggml/gguf.go file, where the readGGUFV1String() function reads a string length from untrusted GGUF metadata.
Recommendations
Update to version 0.12.10 or later.
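The description concerns a string length read from untrusted file metadata without sufficient validation. The following Go example is added here and is neither Ollama's code nor the upstream patch; it shows a length-prefixed string reader that checks the length before allocating. The wire layout (little-endian uint64 length, NUL-terminated payload), the 1 MiB cap, and the names readBoundedString, encode, maxStringLen and ErrStringLength are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxStringLen is an assumed policy cap, not a value taken from Ollama or GGUF.
const maxStringLen = 1 << 20

var ErrStringLength = errors.New("invalid string length")

// readBoundedString (hypothetical) reads a little-endian uint64 length, then
// that many bytes, the last of which must be a NUL terminator (assumed layout).
func readBoundedString(r io.Reader) (string, error) {
	var length uint64
	if err := binary.Read(r, binary.LittleEndian, &length); err != nil {
		return "", err
	}
	// Validate before allocating: zero leaves no room for the terminator, and
	// anything above the cap is an untrusted request for memory.
	if length == 0 || length > maxStringLen {
		return "", fmt.Errorf("%w: %d", ErrStringLength, length)
	}
	buf := make([]byte, length)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err // truncated input surfaces as io.ErrUnexpectedEOF
	}
	if buf[length-1] != 0 {
		return "", fmt.Errorf("%w: missing terminator", ErrStringLength)
	}
	return string(buf[:length-1]), nil
}

// encode builds constructed sample input: a claimed length, then payload bytes.
func encode(claimed uint64, payload []byte) *bytes.Reader {
	b := binary.LittleEndian.AppendUint64(nil, claimed)
	return bytes.NewReader(append(b, payload...))
}

func main() {
	for _, in := range []*bytes.Reader{encode(6, []byte("llama\x00")), encode(1<<40, nil), encode(8, []byte("abc"))} {
		s, err := readBoundedString(in)
		fmt.Printf("%q %v\n", s, err)
	}
}
```

A parser that applies a cap like this should also bound the total number of metadata entries it accepts, since many small strings can add up to the same memory pressure as one large one.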
Exploit
Fix
DoS
Resource Exhaustion
RCE
Related Identifiers
Affected Products
Ollama