Medium severity6.6NVD Advisory· Published Aug 7, 2025· Updated Jun 17, 2026
CVE-2025-44779
CVE-2025-44779
Description
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/ollama/ollamaGo | < 0.1.34 | 0.1.34 |
Affected products
5- ghsa-coords4 versionspkg:golang/github.com/ollama/ollamapkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 0.1.34+ 3 more
- (no CPE)range: < 0.1.34
- (no CPE)range: < 0.0.20250814T182633-150000.1.98.1
- (no CPE)range: < 0.0.20250811T192933-1.1
- (no CPE)range: < 0.0.20250814T182633-150000.1.98.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-93jv-pvg8-hf3vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-44779ghsaADVISORY
- a1batr0ss.top/2025/03/17/Ollama-arbitrary-file-deletion-vulnerabilityghsaWEB
- a1batr0ss.top/2025/03/17/Ollama-arbitrary-file-deletion-vulnerability/nvdBroken Link
- a1batr0ss.top/2025/08/06/CVE-2025-44779-Ollama-arbitrary-file-deletionghsaWEB
- a1batr0ss.top/2025/08/06/CVE-2025-44779-Ollama-arbitrary-file-deletion/nvdBroken Link
News mentions
0No linked articles in our index yet.