CVE-2025-66959
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-02
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ollama | ollama | 0.12.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66959 is a remote, unauthenticated Denial of Service (DoS) vulnerability in the GGUF decoder component of Ollama (versions ≤ 0.12.10). The flaw occurs because the function readGGUFString reads an 8-byte length from a GGUF model file and allocates a byte slice of that length without validating it. If a maliciously crafted GGUF file contains an excessively large or invalid length, the allocation triggers a runtime panic with the error 'makeslice: len out of range', crashing the server process and causing denial of service. The vulnerability can be triggered remotely by uploading a crafted GGUF model file via exposed API endpoints that do not require authentication. [1, 2]
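As an added defensive example, not code from Ollama or from this advisory: a Go reader for a GGUF string field (uint64 little-endian length prefix followed by the bytes) that validates the declared length against a fixed cap and against the bytes actually available before any allocation, so a bad length becomes an error instead of a process-wide panic. The cap `maxGGUFStringLen`, the function names and the constructed inputs are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Assumed sanity cap on one GGUF string (1 MiB); not a value from the GGUF spec or Ollama.
const maxGGUFStringLen = 1 << 20
var errStringTooLong = errors.New("gguf: declared string length exceeds limits")

// readGGUFStringChecked reads a GGUF string field (uint64 little-endian length,
// then the bytes). Unlike the pattern in the advisory, it bounds the declared
// length by a fixed cap and by the bytes still available before allocating.
func readGGUFStringChecked(r io.Reader, remaining int64) (string, error) {
	if remaining < 8 {
		return "", io.ErrUnexpectedEOF
	}
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	remaining -= 8
	// Reject here: make([]byte, n) with an absurd n panics the whole process.
	if n > maxGGUFStringLen || n > uint64(remaining) {
		return "", fmt.Errorf("%w: declared %d, available %d", errStringTooLong, n, remaining)
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err
	}
	return string(buf), nil
}

// encodeGGUFString builds a constructed string field for testing.
func encodeGGUFString(s string) []byte {
	var b bytes.Buffer
	_ = binary.Write(&b, binary.LittleEndian, uint64(len(s)))
	b.WriteString(s)
	return b.Bytes()
}

func main() {
	field := encodeGGUFString("general.architecture")
	s, err := readGGUFStringChecked(bytes.NewReader(field), int64(len(field)))
	fmt.Println(s, err) // prints: general.architecture <nil>
}
```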
How can this vulnerability impact me?
This vulnerability impacts the availability of the Ollama server by causing it to crash when processing a malicious GGUF model file. An attacker can remotely trigger a denial of service without any privileges or user interaction, making the service unavailable to legitimate users. There is no impact on confidentiality or integrity, only on availability. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for server crashes or panics related to the GGUF decoder in Ollama versions up to 0.12.10. Specifically, look for runtime panics with the error message 'makeslice: len out of range' in server logs when processing GGUF model files. You can attempt to reproduce the issue by uploading a crafted GGUF model file to the exposed API endpoints (/api/blobs and /api/create) and observing whether the Ollama server crashes. A command example to create a model (which may trigger the issue) is: `/ollama-0.5.1/ollama create my_model` (adjust the version and model name accordingly). Monitoring logs for panic traces referencing `readGGUFString` or `gguf.go` line 333 can also help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Ollama API endpoints (/api/blobs and /api/create) to trusted users only, as these endpoints do not require authentication and can be exploited remotely. Avoid uploading untrusted or malicious GGUF model files. If possible, upgrade Ollama to a version later than 0.12.10 once a patch is released. Until then, consider disabling or limiting the use of GGUF model loading features to prevent triggering the vulnerability. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability causes a denial of service by crashing the server process but does not impact confidentiality or integrity of data. Therefore, it primarily affects availability. There is no information indicating direct effects on compliance with standards like GDPR or HIPAA, which focus on data protection and privacy. However, the denial of service could indirectly affect availability requirements under such regulations. [2]