CVE-2025-63389

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-63389

Severity

9.8

Critical

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-63389
https://github.com/advisories/GHSA-f6mr-38g8-39rg
https://pkg.go.dev/vuln/GO-2025-4251
https://gist.github.com/Cristliu/b6f4d070fb27932f581be1aadc0923e7
https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd
https://github.com/ollama/ollama/issues

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-63389

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company