CVE-2025-63389

Published: Dec 18, 2025

Modified: Jan 22, 2026

PUBLISHED

Description

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ollama/ollama/issues

https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd

https://gist.github.com/Cristliu/b6f4d070fb27932f581be1aadc0923e7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63389

Description

Affected Products

References