VDB
CVE-2025-63389
CVE-2025-63389
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Ollama Platform has missing authentication enabling attackers to perform model management operations
EPSS 0.12% · 31.1th percentile
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.12%
31.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | ollama/ollama | 0 |
| n/a | n/a | n/a |
| ollama | ollama | 0 |
Timeline
- Dec 18, 2025 CVE Published
- Dec 18, 2025 PoC Published
- Dec 19, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 27, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 7, 2026 EPSS Score
- Jan 11, 2026 EPSS Score
- Jan 15, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 21, 2026 PoC Published