VYPR
Critical severityOSV Advisory· Published Dec 18, 2025· Updated Jan 22, 2026

CVE-2025-63389

CVE-2025-63389

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ollama/ollamaGo
<= 0.13.5

Affected products

10

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.