Cyber Resilience

CVE-2025-0312

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
28 March 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0014 34.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0312 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 34.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-0312 is a vulnerability in ollama/ollama versions up to and including 0.3.14 that results from an unchecked null pointer dereference (CWE-476). A malicious user can create a customized GGUF model file, which, when uploaded and processed on the Ollama server, triggers the dereference and causes a crash.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), meaning it can be exploited remotely over the network with low attack complexity and no privileges or user interaction required. An unauthenticated attacker can upload the malicious GGUF model file to the server, achieving a Denial of Service (DoS) by crashing the service and disrupting availability.

Mitigation details are available in the referenced advisory at https://huntr.com/bounties/522c87b6-a7ac-41b2-84f3-62fd58921f21.

EU & UK References

Vulnerability details

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead…

more

to a Denial of Service (DoS) attack via remote network.

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ollama

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote denial of service by crashing the Ollama server application through exploitation of an unchecked null pointer dereference when processing a malicious GGUF model file.

CVEs Like This One

CVE-2024-12055Same product: Ollama Ollama
CVE-2025-0315Same product: Ollama Ollama
CVE-2025-0317Same product: Ollama Ollama
CVE-2024-8063Same product: Ollama Ollama
CVE-2025-66960Same product: Ollama Ollama
CVE-2025-66959Same product: Ollama Ollama
CVE-2025-15514Same product: Ollama Ollama
CVE-2025-63389Same product: Ollama Ollama
CVE-2026-7482Same product: Ollama Ollama
CVE-2026-40413Shared CWE-476

Affected Assets

ollama
ollama
≤ 0.3.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires applying patches to Ollama versions >0.3.14 to directly fix the unchecked null pointer dereference vulnerability.

prevent

Information input validation checks uploaded GGUF model files for malformed structures that could trigger the null pointer dereference crash.

prevent

Denial-of-service protection implements rate limiting and resource controls on model uploads to mitigate repeated crash attempts.

References