TROYANOSYVIRUS
Retour aux CVEs

CVE-2025-63389

CRITICAL
9.8

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/18/2025
Derniere modification1/22/2026
Sourcenvd
Observations honeypot0

Produits affectes

ollama:ollama

Faiblesses (CWE)

CWE-306

References

https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd(cve@mitre.org)
https://gist.github.com/Cristliu/b6f4d070fb27932f581be1aadc0923e7(cve@mitre.org)
https://github.com/ollama/ollama/issues(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.