CVE-2025-1975
published 2025-05-16

Priority: P3, 38 | high | 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.43% (34.1th percentile)

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
github.com | ollama_ollama | 0 – 0.5.11 |
msrc | azl3_bind_9.19.21-1_on_azure_linux_3.0 | |
msrc | azl3_bind_9.20.0-1_on_azure_linux_3.0 | |
msrc | cbl2_bind_9.16.50-1_on_cbl_mariner_2.0 | |
msrc | cbl2_dhcp_4.4.3.p1-2_on_cbl_mariner_2.0 | |
ollama | ollama | |
ollama | ollama_ollama | unspecified – latest |

CVSS provenance

nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc | 7.5 | HIGH
vendor_redhat | 7.5 | HIGH