CVE-2025-51471

ADVISORY - github

Summary

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

EPSS Score⁠: 0.00031 (0.087)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-345⁠

Insufficient Verification of Data Authenticity

CWE-384⁠

Session Fixation

ADVISORY - github

CWE-345⁠

Insufficient Verification of Data Authenticity

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-345⁠

Insufficient Verification of Data Authenticity

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

8 months ago

UPDATED

5 months ago

ADVISORY IDCVE-2025-51471⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-345⁠CWE-384⁠

CVSS SCORE

6.9medium

GitHub

CREATED

8 months ago

UPDATED

5 months ago

ADVISORY IDGHSA-x9hg-5q6g-q3jr⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-345⁠

CVSS SCORE

6.9medium

GoLang

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDGO-2025-3824⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CVE-2025-51471

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-345⁠CWE-937⁠

CVSS SCORE

6.9medium

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-6crq-pcpr-mxc6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

MINI-265x-xh5q-74hg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY