CVE-2025-63389
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-19

Assigner: MITRE

Description
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-63389
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ollama platform 0.12.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a critical authentication bypass in the Ollama platform's API endpoints in versions up to and including v0.12.3. Multiple important API endpoints do not require authentication, allowing remote attackers to perform unauthorized operations such as enumerating existing models, creating, deleting, or copying models, and injecting malicious system prompts. This can lead to model poisoning, where attackers create adversarial models with the same names as legitimate ones, delete legitimate models, and force users to interact with compromised models. [1]

Impact Analysis

The impact of this vulnerability is severe. Attackers can remotely execute code through malicious model configurations or prompt injections, escalate privileges by managing models without authorization, disclose sensitive information by enumerating installed models, and manipulate model behavior through poisoning. This can compromise the integrity, confidentiality, and availability of the platform and its data. [1]

Detection Guidance

You can detect this vulnerability by checking if the vulnerable API endpoints are accessible without authentication. Specifically, test access to the following endpoints: /api/tags, /v1/models, /api/copy, /api/delete, /api/create, /api/generate, and /api/chat. For example, you can use curl commands to send requests to these endpoints and observe if they respond without requiring authentication. Example commands: curl -X GET http://<ollama-host>/api/tags curl -X GET http://<ollama-host>/v1/models curl -X POST http://<ollama-host>/api/create -d '{}' If these endpoints respond successfully without authentication, your system is vulnerable. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the Ollama platform to a version later than v0.12.3 where this authentication bypass is fixed. If upgrading is not immediately possible, restrict network access to the vulnerable API endpoints by implementing firewall rules or network segmentation to prevent unauthorized remote access. Additionally, monitor API usage for suspicious activity and consider disabling or limiting access to the affected endpoints until a patch is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63389. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart