VYPR
High severity · NVD Advisory · Published May 16, 2025 · Updated May 16, 2025

Improper Validation of Array Index in ollama/ollama

CVE-2025-1975

Description

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Ollama server 0.5.11 has an improper array index validation in the /api/pull endpoint, enabling DoS via a crafted manifest.

Vulnerability

CVE-2025-1975 describes a denial-of-service vulnerability in the Ollama server version 0.5.11. The flaw stems from improper validation of array index access when processing model download requests via the /api/pull endpoint. A malicious user can customize the manifest content and spoof a service to trigger an out-of-bounds array access, causing the server to crash [2].

Exploitation

An attacker does not require authentication to exploit this vulnerability; they only need network access to the Ollama server's API. By sending a specially crafted manifest during the model pull operation, the attacker can cause the server to access an array element outside its bounds, leading to a segmentation fault or panic. The exploitation does not require any special privileges and can be performed remotely [2].
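The bug class described above, out-of-range indexing into manifest-derived data, as an added defensive example (not Ollama's code): an assumed, simplified manifest shape, the unchecked lookup that turns a bad index into a Go runtime panic, and the checked lookup that returns an error instead.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumed, simplified manifest shape (a list of blob layers) used only for
// this example; these are not Ollama's own types.
type Layer struct {
	Digest string `json:"digest"`
	Size   int64  `json:"size"`
}
type Manifest struct {
	Layers []Layer `json:"layers"`
}

// Sample manifest, constructed for this example: exactly one layer.
const constructedManifest = `{"layers":[{"digest":"sha256:0000","size":42}]}`

func parseManifest(raw string) (Manifest, error) {
	var m Manifest
	err := json.Unmarshal([]byte(raw), &m)
	return m, err
}

// layerUnchecked indexes the slice directly: with untrusted manifest content
// the index can fall outside it, Go panics, and an unrecovered panic exits.
func layerUnchecked(m Manifest, i int) Layer {
	return m.Layers[i]
}

// layerChecked validates the index against the real layer count and returns
// an error the caller can log and report instead of crashing.
func layerChecked(m Manifest, i int) (Layer, error) {
	if i < 0 || i >= len(m.Layers) {
		return Layer{}, fmt.Errorf("manifest: layer index %d out of range (%d layers)", i, len(m.Layers))
	}
	return m.Layers[i], nil
}

func main() {
	m, _ := parseManifest(constructedManifest)
	_, err := layerChecked(m, 3)
	fmt.Println("checked lookup of layer 3:", err)
}
```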

Impact

Successful exploitation results in a complete denial of service, rendering the Ollama server unavailable for legitimate users. This can disrupt any applications or services relying on the server to run AI models. No data integrity or confidentiality is affected, but availability is fully compromised.

Mitigation

As of the publication date, no patch has been announced for Ollama version 0.5.11. Users are advised to monitor the official repository for updates and apply any patches as soon as they become available [2]. Restricting network access to trusted clients can reduce exposure until a fix is deployed.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/ollama/ollama (Go)
Affected versions: <= 0.5.11
Patched versions: none listed

Affected products: 6

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.