CVE-2025-0317

7.5 HIGH

📋 TL;DR

A vulnerability in Ollama versions up to and including 0.3.14 lets an attacker who can upload a crafted GGUF model file trigger a division-by-zero error that crashes the server, causing denial of service. This affects all Ollama servers running vulnerable versions, particularly those exposed to untrusted users who can upload models.

💻 Affected Systems

Products:
  • ollama/ollama
Versions: <= 0.3.14
Operating Systems: All platforms running Ollama
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable if model upload functionality is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained DoS attacks could render Ollama services completely unavailable, disrupting AI/ML workflows and dependent applications.

🟠 Likely Case

Intermittent server crashes requiring manual restarts, causing service disruption and potential data loss for in-progress operations.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, allowing quick detection and recovery from attacks.

🌐 Internet-Facing: HIGH - Internet-facing Ollama instances are directly exposed to potential DoS attacks from any malicious actor.
🏢 Internal Only: MEDIUM - Internal instances could still be attacked by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to upload GGUF model files to the Ollama server, which typically requires some level of access or API usage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 0.3.14

Vendor Advisory: https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0

Restart Required: No

Instructions:

1. Update Ollama to version 0.3.15 or later.
2. Use the package manager ('ollama upgrade') or download the latest release from GitHub.
3. No restart required, as updates take effect immediately.

🔧 Temporary Workarounds

Restrict model uploads (applies to: all)

Limit who can upload GGUF models to trusted users only using authentication and authorization controls.

Network segmentation (applies to: all)

Place Ollama servers behind firewalls and restrict access to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can upload models to the Ollama server
  • Deploy monitoring and alerting for server crashes with automated restart capabilities

🔍 How to Verify

Check if Vulnerable:

Run 'ollama --version' and check if version is 0.3.14 or earlier.

Check Version:

ollama --version

Verify Fix Applied:

After update, run 'ollama --version' to confirm version is 0.3.15 or later.

📡 Detection & Monitoring

Log Indicators:

  • Server crash logs mentioning 'division by zero' or 'ggufPadding'
  • Unexpected process termination of ollama service
  • Multiple failed model upload attempts

Network Indicators:

  • Unusual spikes in model upload requests
  • Repeated connections followed by service unavailability

SIEM Query:

process.name:"ollama" AND (event.action:"crashed" OR log.message:"*division by zero*" OR log.message:"*ggufPadding*")
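A small log-triage script, added here as an example and not part of this advisory or of Ollama's own code, that applies the indicators above to constructed sample log lines: it flags the crash strings, counts failed model-upload requests per client, and ties each crash to the last client that uploaded a model. The Gin-style access-line format and the upload endpoints (/api/create, /api/blobs/) are assumptions about how the server logs requests.

```python
import re
from collections import Counter

# Indicators from the advisory: a Go divide-by-zero panic (the Go runtime wording is
# "integer divide by zero"; some wrappers log "division by zero") or the
# ggufPadding function name appearing in a stack trace.
CRASH_RE = re.compile(r"divi(?:sion|de) by zero|ggufPadding")
# Assumed Gin-style access log line: status | latency | client | method "path".
ACCESS_RE = re.compile(
    r'\[GIN\].*?\|\s*(?P<status>\d{3})\s*\|.*?\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<method>[A-Z]+)\s+"(?P<path>[^"]+)"'
)
# Assumed endpoints through which a GGUF model reaches the server.
UPLOAD_PATHS = ("/api/create", "/api/blobs/")

def classify(line):
    """Return (kind, client_ip); kind is 'crash', 'upload_ok', 'upload_failed' or None."""
    if CRASH_RE.search(line):
        return "crash", None
    m = ACCESS_RE.search(line)
    if m and m["method"] == "POST" and m["path"].startswith(UPLOAD_PATHS):
        kind = "upload_ok" if m["status"].startswith("2") else "upload_failed"
        return kind, m["ip"]
    return None, None

def detect(lines, fail_threshold=3):
    """Scan log lines in order and correlate each crash with the last client that uploaded."""
    failed, crashes, last_uploader = Counter(), [], None
    for n, line in enumerate(lines, 1):
        kind, ip = classify(line)
        if kind == "crash":
            crashes.append((n, last_uploader))
        elif kind in ("upload_ok", "upload_failed"):
            if kind == "upload_failed":
                failed[ip] += 1
            last_uploader = ip
    alerts = [f"crash indicator at line {n}; last model upload came from {ip}" for n, ip in crashes]
    alerts += [f"{c} failed model uploads from {ip}" for ip, c in failed.items() if c >= fail_threshold]
    return {"crashes": crashes, "failed_uploads": dict(failed), "alerts": alerts}

# Constructed sample log (not real Ollama output): three rejected creates from one client,
# one accepted blob upload from it, then the process panics inside ggufPadding.
SAMPLE_LOGS = """\
[GIN] 2025/01/06 - 10:00:01 | 200 |  1.2s | 10.0.0.5 | POST     "/api/blobs/sha256:aaaa"
[GIN] 2025/01/06 - 10:00:02 | 400 |  0.9s | 10.0.0.9 | POST     "/api/create"
[GIN] 2025/01/06 - 10:00:03 | 400 |  0.8s | 10.0.0.9 | POST     "/api/create"
[GIN] 2025/01/06 - 10:00:04 | 200 |  3.1s | 10.0.0.9 | POST     "/api/blobs/sha256:bbbb"
[GIN] 2025/01/06 - 10:00:05 | 400 |  0.7s | 10.0.0.9 | POST     "/api/create"
panic: runtime error: integer divide by zero
github.com/ollama/ollama/llm.ggufPadding(...)
time=2025-01-06T10:00:06.000Z level=INFO msg="GET /api/tags"
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS)["alerts"]:
        print("ALERT:", alert)
```

Feed real server logs in place of SAMPLE_LOGS; a crash whose last uploader is an unexpected client is the case worth investigating first.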
