CVE-2025-51471

MEDIUM

Ollama 0.6.7 - XSS

Title source: llm

Description

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

Exploits (2)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-51471

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by ajtazer · poc

https://github.com/ajtazer/CVE-2025-51471-POC

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://huntr.com/bounties/94eea285-fd65-4e01-a035-f533575ebdc2

[Product] https://github.com/ollama/ollama

[Exploit, Issue Tracking] https://github.com/ollama/ollama/pull/10750

[Exploit, Third Party Advisory] https://www.gecko.security/blog/cve-2025-51471

Scores

CVSS v3 6.9

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Details

CWE

CWE-345 CWE-384

Status published

Products (2)

ollama/ollama 0.6.7

ollama/ollama 0Go

Published Jul 22, 2025

Tracked Since Feb 18, 2026