CVE-2025-63389
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ollama | platform | 0.12.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical authentication bypass in the Ollama platform's API endpoints in versions up to and including v0.12.3. Multiple important API endpoints do not require authentication, allowing remote attackers to perform unauthorized operations such as enumerating existing models, creating, deleting, or copying models, and injecting malicious system prompts. This can lead to model poisoning, where attackers create adversarial models with the same names as legitimate ones, delete legitimate models, and force users to interact with compromised models. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is severe. Attackers can remotely execute code through malicious model configurations or prompt injections, escalate privileges by managing models without authorization, disclose sensitive information by enumerating installed models, and manipulate model behavior through poisoning. This can compromise the integrity, confidentiality, and availability of the platform and its data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if the vulnerable API endpoints are accessible without authentication. Specifically, test access to the following endpoints: /api/tags, /v1/models, /api/copy, /api/delete, /api/create, /api/generate, and /api/chat. For example, you can use curl commands to send requests to these endpoints and observe if they respond without requiring authentication. Example commands: curl -X GET http://<ollama-host>/api/tags curl -X GET http://<ollama-host>/v1/models curl -X POST http://<ollama-host>/api/create -d '{}' If these endpoints respond successfully without authentication, your system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Ollama platform to a version later than v0.12.3 where this authentication bypass is fixed. If upgrading is not immediately possible, restrict network access to the vulnerable API endpoints by implementing firewall rules or network segmentation to prevent unauthorized remote access. Additionally, monitor API usage for suspicious activity and consider disabling or limiting access to the affected endpoints until a patch is applied. [1]