CVE 9.8 CRITICAL

CVE-2025-63389_CVE-2025-63389

December 19, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

AI Analysis

Authentication bypass vulnerability in Ollama platform's API endpoints

Basic Information

ID CVE-2025-63389

Source mitre

Published Dec 18, 2025 at 00:00

Modified Dec 19, 2025 at 18:02

Affected Product

Vendor Ollama

Product Ollama platform

Version v0.12.3

Affected Versions n/a n/a n/a

CWE Classification

CWE-306

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Ollama

Product Ollama platform

Version v0.12.3

References

{
    "lastseen": "",
    "description": "A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.",
    "published": "2025-12-18T00:00:00.000Z",
    "modified": "2025-12-19T18:02:03.129Z",
    "type": "cve",
    "title": "CVE-2025-63389",
    "source": "mitre",
    "references": "https://github.com/ollama/ollama/issues\nhttps://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd",
    "id": "CVE-2025-63389",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ollama platform",
    "version": "v0.12.3",
    "vendor": "Ollama",
    "ai_description": "Authentication bypass vulnerability in Ollama platform's API endpoints",
    "ai_severity": "Critical",
    "ai_vendor": "Ollama",
    "ai_product": "Ollama platform",
    "ai_version": "v0.12.3",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply