VDB

CESS-2025-51471

CESS-2025-51471 PUBLISHED CVSS 6.9 MEDIUM

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

Risk Scores

CVSS 3.1
6.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Timeline

  • Jul 22, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›