CVE-2025-66960
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-21

Last updated on: 2026-02-02

Assigner: MITRE

Description
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66960
EUVD
EUVD-2026-3603
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ollama ollama 0.12.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-66960 is a remote unauthenticated Denial-of-Service (DoS) vulnerability in Ollama's GGUF decoder, specifically in the function readGGUFV1String in fs/ggml/gguf.go. The function reads a string length from untrusted GGUF metadata without proper validation, such as checking bounds or integer overflow. This causes a panic error "bytes.Buffer: truncation out of range" when bytes.Buffer.Truncate is called with an invalid length, leading the server process to terminate unexpectedly. The vulnerability can be triggered by uploading a crafted GGUF file via the /api/blobs endpoint and creating a model using it via /api/create, causing the server to crash and lose availability. [1]

Impact Analysis

This vulnerability allows a remote attacker to cause a denial of service by crashing the Ollama server. By uploading a malicious GGUF file and creating a model referencing it, the attacker can trigger a panic that terminates the server process. This results in loss of availability of the affected service, causing API endpoints to fail and disrupting normal operations. [1]

Detection Guidance

This vulnerability can be detected by monitoring server logs for panic errors related to 'bytes.Buffer: truncation out of range' originating from the readGGUFV1String function in fs/ggml/gguf.go. Additionally, attempts to upload GGUF files via the /api/blobs endpoint and create models via /api/create that cause the server to crash indicate exploitation. Using the provided proof-of-concept (PoC) script to upload a crafted GGUF file and trigger the panic can also confirm the vulnerability. Specific commands would involve sending HTTP POST requests to /api/blobs to upload files and to /api/create to create models, then checking server logs for panic stack traces. For example, using curl commands to upload a malicious GGUF file and create a model, followed by inspecting logs for panic messages. [1]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the ability for untrusted clients to upload GGUF files via the /api/blobs endpoint and to create models via /api/create until a patch is available. Monitoring and blocking suspicious requests targeting these endpoints can reduce risk. Additionally, implementing input validation or filtering on uploaded GGUF metadata to prevent malformed or malicious files can help. Restarting the server after a crash and limiting access to trusted users only are also recommended until an official fix is released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66960. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart