CVE-2025-44779

6.6 MEDIUM

📋 TL;DR

This vulnerability in Ollama v0.1.33 allows an attacker who can reach the HTTP API to delete arbitrary files on the host by sending a specially crafted request to the /api/pull endpoint. It affects systems running the vulnerable version with the API reachable by untrusted clients. The issue stems from improper input validation (CWE-20) in the file handling performed while pulling a model.

💻 Affected Systems

Products:
  • Ollama
Versions: v0.1.33
Operating Systems: All platforms running Ollama
Default Config Vulnerable: ⚠️ Yes
Notes: Any system running Ollama v0.1.33 with the API endpoint reachable by an attacker is vulnerable; the flaw is in the server code itself, not in an optional setting. A stock install binds to 127.0.0.1:11434, so the endpoint is reachable over the network only where OLLAMA_HOST has been set to a non-loopback address (the official Docker image does this), which is the usual case for shared or hosted deployments.

📦 What is this software?

Ollama is an open-source server and CLI for running large language models locally. Clients (the ollama CLI, editor plugins, chat front-ends) talk to it over an HTTP API, on port 11434 by default; /api/pull is the route that downloads a model from a registry into the local model store.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, configuration files, or user data, potentially leading to service disruption, data loss, or privilege escalation.

🟠

Likely Case

Targeted deletion of application files, configuration files, or user data causing service disruption or data loss in Ollama deployments.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized access to the Ollama API endpoint.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a specific request to the /api/pull endpoint. No public proof-of-concept code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.1.34 or later

Vendor Advisory: https://github.com/ollama/ollama

Restart Required: Yes (a running server keeps executing the old binary until it is restarted)

Instructions:

1. Stop the Ollama service.
2. Update Ollama to version v0.1.34 or later using your package manager or by downloading from the official repository.
3. Restart the Ollama service.

🔧 Temporary Workarounds

Network Access Restriction

Platforms: all

Restrict network access to the Ollama API endpoint to trusted IP addresses or networks only. Where remote access is not needed, bind the server to loopback (OLLAMA_HOST=127.0.0.1, the stock default) so the endpoint is not reachable from the network at all.

Use firewall rules to block access to port 11434 (the default Ollama port) from untrusted networks.

API Endpoint Disablement

Platforms: all

Ollama has no configuration switch for individual routes, so /api/pull cannot be turned off on its own. To disable it without disabling the service, put a reverse proxy in front of Ollama, expose only the proxy, and have it reject requests for /api/pull (returning 403) while forwarding the routes your clients actually use.
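As an added example (not Ollama's code, and not a substitute for a production reverse proxy such as nginx), the following Python program implements that policy: it listens on port 11435, forwards every request to an Ollama server assumed to be on 127.0.0.1:11434, and answers 403 for /api/pull. The upstream address, the listening port and the blocked-route set are assumptions for illustration.

```python
"""Filtering reverse proxy for Ollama (added example, not Ollama's own code).

Assumptions: Ollama listens on 127.0.0.1:11434 (its stock default) and only
this proxy is exposed to the network. The proxy denies /api/pull and forwards
everything else unchanged.
"""
import http.server
import urllib.error
import urllib.request

UPSTREAM = "http://127.0.0.1:11434"   # assumed Ollama address
LISTEN = ("0.0.0.0", 11435)           # assumed proxy address

# Routes refused until the server is patched. Only /api/pull is named by the
# advisory; add other model-store routes here if your clients don't need them.
BLOCKED_PATHS = {"/api/pull"}


def is_allowed(method: str, path: str) -> bool:
    """Policy decision for one request.

    Normalises the path (strips a query string and a trailing slash) so that
    "/api/pull/" or "/api/pull?x=1" cannot slip past a literal comparison.
    The method is ignored on purpose: a blocked route is blocked for every verb.
    """
    base = path.split("?", 1)[0].rstrip("/") or "/"
    return base not in BLOCKED_PATHS


class FilteringHandler(http.server.BaseHTTPRequestHandler):
    def _dispatch(self):
        if not is_allowed(self.command, self.path):
            body = b'{"error":"route disabled by policy"}'
            self.send_response(403)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
            self.log_message("BLOCKED %s %s from %s", self.command, self.path,
                             self.client_address[0])
            return

        length = int(self.headers.get("Content-Length") or 0)
        data = self.rfile.read(length) if length else None
        req = urllib.request.Request(UPSTREAM + self.path, data=data, method=self.command)
        for name, value in self.headers.items():
            # Host and Content-Length are set by urllib for the upstream request.
            if name.lower() not in ("host", "content-length"):
                req.add_header(name, value)
        try:
            with urllib.request.urlopen(req) as resp:
                self._relay(resp.status, resp.getheaders(), resp.read())
        except urllib.error.HTTPError as err:
            # Upstream error (e.g. 404 for an unknown model): pass it through as-is.
            self._relay(err.code, err.headers.items(), err.read())

    def _relay(self, status, headers, body):
        self.send_response(status)
        for name, value in headers:
            if name.lower() not in ("transfer-encoding", "content-length", "connection"):
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_GET = do_POST = do_DELETE = do_HEAD = _dispatch


if __name__ == "__main__":
    http.server.ThreadingHTTPServer(LISTEN, FilteringHandler).serve_forever()
```

The policy lives in is_allowed(); the server part buffers each upstream response before relaying it, so streaming routes such as /api/generate will appear to stall until the model finishes. That is acceptable for demonstrating the deny rule, but a production deployment should express the same rule in the reverse proxy it already runs.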

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Ollama instances from untrusted networks
  • Deploy web application firewall (WAF) rules to block malicious requests to the /api/pull endpoint

🔍 How to Verify

Check if Vulnerable:

Check if Ollama version is v0.1.33 by examining the service version or installation package.

Check Version:

ollama --version

Verify Fix Applied:

Verify Ollama version is v0.1.34 or later after applying the update.
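The following Python script, added here as an example rather than taken from the advisory, performs both checks: it parses the output of the local ollama --version command, and it can query a running server's GET /api/version route (present in current releases; its availability on very old builds is an assumption). The fixed-version boundary and the default server URL are assumptions taken from the advisory and Ollama's default bind address.

```python
"""Version check for CVE-2025-44779 (added example, not part of the advisory).

Two checks: the local CLI (`ollama --version`) and, for a remote host, the
server's GET /api/version route (present in current releases; treat its
availability as an assumption for very old builds).
"""
import json
import re
import shutil
import subprocess
import urllib.request

FIXED_VERSION = (0, 1, 34)   # first release the advisory names as fixed


def parse_version(text):
    """Extract the first X.Y.Z as an int tuple from CLI output such as
    'ollama version is 0.1.33', or None if no version is present.
    When the server is down the CLI prints 'client version is X.Y.Z' instead,
    which this also accepts."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(version):
    """Anything older than the fix is reported as vulnerable. The advisory
    names only 0.1.33, so earlier releases are flagged as 'update anyway'."""
    return version < FIXED_VERSION


def version_from_api_body(body):
    """Parse the JSON body of GET /api/version, e.g. b'{"version":"0.1.33"}'."""
    return parse_version(json.loads(body)["version"])


def check_local():
    """Run the installed CLI and classify its reported version."""
    exe = shutil.which("ollama")
    if exe is None:
        return ("not-installed", None)
    proc = subprocess.run([exe, "--version"], capture_output=True, text=True)
    v = parse_version(proc.stdout + proc.stderr)
    if v is None:
        return ("unknown", None)
    return ("vulnerable" if is_vulnerable(v) else "fixed", v)


def check_remote(base_url="http://127.0.0.1:11434", timeout=5):
    """Query a running server; base_url is an assumption for your deployment."""
    with urllib.request.urlopen(base_url + "/api/version", timeout=timeout) as resp:
        v = version_from_api_body(resp.read())
    return ("vulnerable" if is_vulnerable(v) else "fixed", v)


if __name__ == "__main__":
    print("local:", check_local())
```

For container deployments, run check_remote() against each published port rather than relying on the host's CLI, since the binary inside the image is the one that serves /api/pull.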

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /api/pull endpoint with crafted parameters
  • File deletion events in system logs originating from Ollama process

Network Indicators:

  • Unusual traffic patterns to Ollama API port 11434
  • Multiple POST requests to /api/pull from a single source, especially a non-loopback one (the route is served only for POST, so other methods are router errors rather than attack traffic)

SIEM Query:

source="ollama.log" AND uri_path="/api/pull" AND method="POST" AND NOT src_ip IN ("127.0.0.1", "::1")
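Ollama's server writes its request log through the Gin framework's default access logger, one line per request with timestamp, status, latency, client address, method and path; the request body is not logged, so the model name sent to /api/pull is not visible there. The Python below, added as an example and not part of the advisory, parses that format and raises two kinds of alert: a POST to /api/pull from a non-loopback client, and a burst of pulls from one client inside a one-minute window. The log lines it runs over are constructed for illustration, not real Ollama output.

```python
"""Detection over Ollama's access log (added example, not part of the advisory).

Ollama logs HTTP requests through Gin's default logger, one line per request:
  [GIN] YYYY/MM/DD - HH:MM:SS | status | latency | client | METHOD "/path"
The body is not logged, so the model name passed to /api/pull is not available;
detection keys on client address, method, path and rate instead.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

GIN_LINE = re.compile(
    r'^\[GIN\] (?P<ts>\d{4}/\d{2}/\d{2} - \d{2}:\d{2}:\d{2}) \|'
    r'\s*(?P<status>\d{3}) \|\s*(?P<latency>\S+) \|\s*(?P<client>\S+) \|'
    r'\s*(?P<method>[A-Z]+)\s+"(?P<path>[^"]*)"'
)

# Constructed sample log: one local generate call, five pulls from a LAN host
# within five seconds, then one local pull. Not real Ollama output.
SAMPLE_LOG = """\
[GIN] 2025/05/01 - 09:00:00 | 200 |  12.345678ms |       127.0.0.1 | POST     "/api/generate"
[GIN] 2025/05/01 - 09:00:05 | 200 |   2.345678ms |        10.0.0.5 | POST     "/api/pull"
[GIN] 2025/05/01 - 09:00:06 | 200 |   2.145678ms |        10.0.0.5 | POST     "/api/pull"
[GIN] 2025/05/01 - 09:00:07 | 200 |   2.045678ms |        10.0.0.5 | POST     "/api/pull"
[GIN] 2025/05/01 - 09:00:08 | 200 |   2.245678ms |        10.0.0.5 | POST     "/api/pull"
[GIN] 2025/05/01 - 09:00:09 | 200 |   2.445678ms |        10.0.0.5 | POST     "/api/pull"
[GIN] 2025/05/01 - 09:01:00 | 200 |   1.045678ms |       127.0.0.1 | POST     "/api/pull"
""".splitlines()


def parse_gin_line(line):
    """Return a dict for one Gin access-log line, or None if it is not one."""
    m = GIN_LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d - %H:%M:%S")
    ev["status"] = int(ev["status"])
    ev["path"] = ev["path"].split("?", 1)[0].rstrip("/") or "/"
    return ev


def is_remote(client):
    """Loopback clients are the local CLI; anything else (or unparsable) is remote."""
    try:
        return not ipaddress.ip_address(client).is_loopback
    except ValueError:
        return True


def find_pull_alerts(lines, burst_threshold=5, window=timedelta(minutes=1)):
    """Two rules over POST /api/pull events:
      remote_pull : any pull from a non-loopback client
      pull_burst  : the moment one client reaches burst_threshold pulls in window
    Returns (kind, client, timestamp) tuples in log order."""
    alerts = []
    seen = defaultdict(list)   # client -> timestamps of its pulls
    for line in lines:
        ev = parse_gin_line(line)
        if ev is None or ev["method"] != "POST" or ev["path"] != "/api/pull":
            continue
        client, ts = ev["client"], ev["ts"]
        if is_remote(client):
            alerts.append(("remote_pull", client, ts))
        seen[client].append(ts)
        recent = [t for t in seen[client] if ts - t <= window]
        if len(recent) == burst_threshold:   # fires once, when the threshold is crossed
            alerts.append(("pull_burst", client, ts))
    return alerts


if __name__ == "__main__":
    for kind, client, ts in find_pull_alerts(SAMPLE_LOG):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:<12} {client}")
```

Because the access log carries no request body, pair this with a file-level signal such as an audit watch on the model directory to see which files a suspicious pull actually touched.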
