CVE-2025-63389

CRITICAL

ollama < 0.12.3 - Unauthenticated API Endpoint Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-63389. PoCs published by nuclide-research.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2025-63389, which targets unauthenticated model injection in Ollama instances. The code includes a probe function that checks for the vulnerability by attempting to create a model without authentication.

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Exploits (1)

nomisec WORKING POC
by nuclide-research · poc
https://github.com/nuclide-research/VisorGoose

This repository contains a functional exploit PoC for CVE-2025-63389, which targets unauthenticated model injection in Ollama instances. The code includes a probe function that checks for the vulnerability by attempting to create a model without authentication.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Ollama
No auth needed
Prerequisites: Network access to the target Ollama instance on port 11434
devstral-2 · analyzed Jun 04, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0063
EPSS Percentile 45.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (2)
ollama/ollama < 0.12.3
ollama/ollama 0Go
Published Dec 18, 2025
Tracked Since Feb 18, 2026