CVE-2025-1975

HIGH

Ollama <0.5.11 - DoS

Title source: llm

Description

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acd

Scores

CVSS v3 7.5

EPSS 0.0050

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (2)

ollama/ollama 0.5.11

ollama/ollama 0Go

Published May 16, 2025

Tracked Since Feb 18, 2026