CVE-2025-66959
📋 TL;DR
A vulnerability in ollama's GGUF decoder allows remote attackers to trigger a denial of service by sending specially crafted input. This affects all systems running vulnerable versions of ollama that expose the service to untrusted networks. The issue stems from improper input validation when processing GGUF model files.
💻 Affected Systems
- ollama
📦 What is this software?
Ollama by Ollama
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability requiring manual restart, potentially disrupting AI inference workloads and dependent applications.
Likely Case
Service crashes when processing malicious GGUF files, requiring restart and causing temporary service interruption.
If Mitigated
Minimal impact if the service is isolated behind proper network controls and input validation.
🎯 Exploit Status
Proof of concept details are publicly available in the references, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.12.11 or later
Vendor Advisory: https://github.com/ollama/ollama/issues/9820
Restart Required: Yes
Instructions:
1. Stop ollama service
2. Update ollama to v0.12.11 or later using your package manager or download from official sources
3. Restart ollama service
🔧 Temporary Workarounds
Network isolation
Restrict ollama service to trusted networks only
# Configure firewall to block external access to ollama port (default 11434)
sudo ufw deny 11434
# Or use specific IP whitelisting
Input validation proxy
Deploy a reverse proxy to validate GGUF files before they reach ollama
# Implement custom middleware or use WAF to inspect GGUF headers
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ollama from untrusted networks
- Monitor for service crashes and implement automated restart mechanisms
🔍 How to Verify
Check if Vulnerable:
Run ollama --version. If the reported version is 0.12.10 or earlier, the system is vulnerable.
Check Version:
ollama --version
Verify Fix Applied:
After updating, confirm that ollama --version reports 0.12.11 or later and test with known-safe GGUF files.
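The version comparison above is easy to get wrong when done by eye (0.12.9 sorts after 0.12.11 as a string). The following POSIX shell script is an added example, not part of this advisory or of the ollama project: it parses the x.y.z version out of the ollama --version output and compares it numerically against the fixed release 0.12.11. It assumes the CLI prints the version in the form "ollama version is 0.12.10" (the sample strings used here are constructed).

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed ollama
# predates the fixed release named in the advisory.
FIXED_VERSION="0.12.11"

# version_lt A B: exit 0 when A < B, comparing the three dot-separated
# numeric fields; a missing field counts as 0.
version_lt() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        fa=$(printf '%s\n' "$a" | cut -d. -f"$i")
        fb=$(printf '%s\n' "$b" | cut -d. -f"$i")
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# extract_version TEXT: print the first x.y.z found in TEXT, e.g. the
# "0.12.10" in "ollama version is 0.12.10" (assumed output shape).
extract_version() {
    printf '%s\n' "$1" \
        | sed -n 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# is_vulnerable TEXT: exit 0 when the version in TEXT precedes the fix,
# 1 when it is at or past the fix, 2 when no version could be parsed.
is_vulnerable() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# Stand-alone use: only run the real CLI if it is installed on this host.
if command -v ollama >/dev/null 2>&1; then
    if is_vulnerable "$(ollama --version 2>&1)"; then
        echo "VULNERABLE to CVE-2025-66959: update ollama to $FIXED_VERSION or later"
    else
        echo "ollama is at or past $FIXED_VERSION (or the version could not be parsed)"
    fi
fi
```

Because the check reads the client binary's own version, run it on the host that serves port 11434, not on a workstation that merely talks to it.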
📡 Detection & Monitoring
Log Indicators:
- Panic messages in logs containing 'GGUF decoder' or 'unchecked length'
- Service crash/restart events
- Unexpected termination of ollama process
Network Indicators:
- Unusual GGUF file uploads from untrusted sources
- Multiple connection attempts to ollama port 11434
SIEM Query:
process.name:"ollama" AND (log_message:"panic" OR log_message:"GGUF" OR event_type:"crash")
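Where no SIEM is in place, the same log indicators can be applied directly to the service's journal or log file. The script below is an added example, not part of this advisory or of ollama: it classifies each log line as a GGUF-decoder panic, some other panic, or a restart event, using the 'GGUF decoder' and 'unchecked length' phrases from the indicator list. The sample log lines are constructed to resemble Go panic output and systemd restart messages; the exact wording ollama and systemd emit is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): classify log lines by the crash
# indicators listed above so GGUF-related panics can be counted and alerted on.

# Constructed sample log; not real ollama output.
SAMPLE_LOG='time=2025-01-01T10:00:00Z level=INFO msg="loading model" path=/models/a.gguf
panic: runtime error: index out of range [64] with length 16
panic: GGUF decoder: unchecked length for tensor count
time=2025-01-01T10:00:01Z level=INFO msg="request served" status=200
panic: GGUF decoder: string length exceeds file size
systemd[1]: ollama.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: ollama.service: Scheduled restart job, restart counter is at 1.'

# flag_indicators LOG: print each matching line prefixed with its class.
# CRASH_GGUF  = a panic that mentions the GGUF decoder or an unchecked length
# CRASH_OTHER = any other panic
# RESTART     = process exit / restart events from the service manager
flag_indicators() {
    printf '%s\n' "$1" | awk '
        { l = tolower($0) }
        l ~ /panic/ && l ~ /gguf decoder|unchecked length/ { print "CRASH_GGUF: " $0; next }
        l ~ /panic/                                       { print "CRASH_OTHER: " $0; next }
        l ~ /restart|exited|terminat/                     { print "RESTART: " $0 }
    '
}

# count_class CLASS LOG: print how many lines of LOG fall into CLASS.
count_class() {
    class="$1"; log="$2"
    n=$(flag_indicators "$log" | grep -c "^$class:") || true
    printf '%s\n' "$n"
}

# Stand-alone use against the constructed sample.
flag_indicators "$SAMPLE_LOG"
echo "GGUF decoder panics: $(count_class CRASH_GGUF "$SAMPLE_LOG")"
echo "other panics:        $(count_class CRASH_OTHER "$SAMPLE_LOG")"
echo "restart events:      $(count_class RESTART "$SAMPLE_LOG")"
```

To run it against a live host, replace the sample with `journalctl -u ollama --no-pager` output; a CRASH_GGUF count rising together with RESTART events is the pattern that distinguishes crafted-model crashes from ordinary restarts.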