CVE-2025-63389

ADVISORY - github

Summary

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

EPSS Score⁠: 0.00181 (0.395)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-306⁠

Missing Authentication for Critical Function

ADVISORY - github

CWE-284⁠

Improper Access Control

CWE-306⁠

Missing Authentication for Critical Function

Impacted images

Advisories

NIST

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-63389⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-306⁠

CVSS SCORE

9.8critical

GitHub

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDGHSA-f6mr-38g8-39rg⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-284⁠CWE-306⁠

CVSS SCORE

9.3critical

GoLang

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDGO-2025-4251⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-f4xj-2x79-qrc6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-vcqc-7mhr-6445

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-gwpm-gjp3-m584

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY