CVE-2025-0317
Published: 20 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-0317 is a denial-of-service vulnerability in ollama/ollama versions <=0.3.14. It stems from a division by zero error (CWE-369) in the ggufPadding function, which a malicious user can trigger by uploading and creating a customized GGUF model file on the Ollama server. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with low complexity and no privileges required.
A remote, unauthenticated attacker can exploit this vulnerability over the network by uploading a specially crafted GGUF model file to the Ollama server. Successful exploitation leads to a server crash, resulting in a denial-of-service condition that disrupts service availability without affecting confidentiality or integrity.
For mitigation details, security practitioners should consult the advisory published on Huntr at https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0, which reported the issue as a bounty finding. The vulnerability was published on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category
- APIs and Models
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Ollama is a platform for serving and running LLMs locally via API, handling GGUF model files for inference, making it fit 'APIs and Models'. The vulnerability involves malicious model file upload leading to DoS during model processing.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a denial-of-service attack by allowing upload of a malicious GGUF model file that triggers a division-by-zero crash in the Ollama server, matching Endpoint Denial of Service: Application or System Exploitation.