VYPR
Medium severity6.9NVD Advisory· Published Jul 22, 2025· Updated Jun 17, 2026

CVE-2025-51471

CVE-2025-51471

Description

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ollama/ollamaGo
<= 0.9.6

Affected products

10

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.