CVE-2025-0312
HIGHollama <= 0.3.14 - Denial of Service via GGUF Model File Upload
Title source: llmDescription
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/522c87b6-a7ac-41b2-84f3-62fd58921f21
Scores
CVSS v3
7.5
EPSS
0.0065
EPSS Percentile
46.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (2)
ollama/ollama
< 0.3.14
ollama/ollama
0Go
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026