cvedb.io
CVE-2025-63389
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-12-18T16:15:54.760 · Last modified 2026-06-17T09:53:04.500

Summary

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Affected products

ollama — ollama

Does this affect you?

Add your gear to cvedb and we'll alert you only when ollama ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.