CVE-2025-63389

ADVISORY - github

Summary

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

EPSS Score⁠: 0.00181 (0.395)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-306⁠

Missing Authentication for Critical Function

ADVISORY - github

CWE-284⁠

Improper Access Control

CWE-306⁠

Missing Authentication for Critical Function

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.