High severity7.5NVD Advisory· Published May 16, 2025· Updated Jun 17, 2026
CVE-2025-1975
CVE-2025-1975
Description
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ollama/ollamaGo | <= 0.5.11 | — |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/k8sgptpkg:apk/chainguard/modspkg:apk/chainguard/ollama-fipspkg:apk/wolfi/k8sgptpkg:apk/wolfi/modspkg:golang/github.com/ollama/ollamapkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0.4.28-r0+ 6 more
- (no CPE)range: < 0.4.28-r0
- (no CPE)range: < 1.8.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 0.4.28-r0
- (no CPE)range: < 1.8.1-r14
- (no CPE)range: <= 0.5.11
- (no CPE)range: < 0.0.20250523T151856-1.1
Patches
Vulnerability mechanics
References
5- huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acdnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-wrh5-cmwx-q2qrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-1975ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/ollama/PYSEC-2025-145.yamlghsaWEB
- pkg.go.dev/vuln/GO-2025-3695ghsaWEB
News mentions
0No linked articles in our index yet.