CVE-2025-51471

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-51471

Severity

6.9

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-51471
https://github.com/advisories/GHSA-x9hg-5q6g-q3jr
https://pkg.go.dev/vuln/GO-2025-3824
https://huntr.com/bounties/94eea285-fd65-4e01-a035-f533575ebdc2
https://www.gecko.security/blog/cve-2025-51471
https://github.com/ollama/ollama/pull/10750
https://github.com/ollama/ollama

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-51471

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company