CVE-2025-0315
Published: 20 March 2025
Summary
CVE-2025-0315 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly protects the Ollama server from denial-of-service attacks involving unlimited memory allocation triggered by malicious GGUF model files.
Validates uploaded GGUF model files to ensure they do not contain structures that cause unbounded memory allocation during creation.
Establishes quotas and protections for memory resources to prevent exhaustion from processing malicious model files on the Ollama server.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables denial of service by allowing upload of a malicious GGUF model file that triggers unlimited memory allocation in the Ollama server application, facilitating endpoint DoS via application exploitation.
NVD Description
A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service…
more
(DoS) attack.
Deeper analysisAI
CVE-2025-0315 is a vulnerability in ollama/ollama versions up to and including 0.3.14. It enables a malicious user to craft a customized GGUF model file, upload it to the Ollama server, and create it, triggering unlimited memory allocation on the server. This results in a Denial of Service (DoS) condition due to memory exhaustion. The issue is tracked under CWE-770 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high-impact availability disruption.
An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and without requiring user interaction. By uploading and creating the malicious GGUF model file via the Ollama server, the attacker causes excessive memory consumption, crashing the server and denying service to other users or applications relying on it.
Further details on the vulnerability, including potential mitigations, are available in the Huntr bounty advisory at https://huntr.com/bounties/da414d29-b55a-496f-b135-17e0fcec67bc. The vulnerability was published on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Ollama is an AI platform providing APIs for managing and running LLMs locally, with the vulnerability occurring during model file (GGUF) upload and creation on the server.