Cyber Resilience

CVE-2025-0315

HighPublic PoCDDoS

Published: 20 March 2025

Published
20 March 2025
Modified
02 April 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0008 23.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0315 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2025-0315 is a vulnerability in ollama/ollama versions up to and including 0.3.14. It enables a malicious user to craft a customized GGUF model file, upload it to the Ollama server, and create it, triggering unlimited memory allocation on the server. This results in a Denial of Service (DoS) condition due to memory exhaustion. The issue is tracked under CWE-770 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high-impact availability disruption.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and without requiring user interaction. By uploading and creating the malicious GGUF model file via the Ollama server, the attacker causes excessive memory consumption, crashing the server and denying service to other users or applications relying on it.

Further details on the vulnerability, including potential mitigations, are available in the Huntr bounty advisory at https://huntr.com/bounties/da414d29-b55a-496f-b135-17e0fcec67bc. The vulnerability was published on 2025-03-20.

EU & UK References

Vulnerability details

A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service…

more

(DoS) attack.

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ollama

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables denial of service by allowing upload of a malicious GGUF model file that triggers unlimited memory allocation in the Ollama server application, facilitating endpoint DoS via application exploitation.

CVEs Like This One

CVE-2024-12055Same product: Ollama Ollama
CVE-2025-0312Same product: Ollama Ollama
CVE-2025-0317Same product: Ollama Ollama
CVE-2024-8063Same product: Ollama Ollama
CVE-2025-66960Same product: Ollama Ollama
CVE-2025-66959Same product: Ollama Ollama
CVE-2025-15514Same product: Ollama Ollama
CVE-2025-63389Same product: Ollama Ollama
CVE-2026-7482Same product: Ollama Ollama
CVE-2021-47877Shared CWE-770

Affected Assets

ollama
ollama
≤ 0.3.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly protects the Ollama server from denial-of-service attacks involving unlimited memory allocation triggered by malicious GGUF model files.

prevent

Validates uploaded GGUF model files to ensure they do not contain structures that cause unbounded memory allocation during creation.

prevent

Establishes quotas and protections for memory resources to prevent exhaustion from processing malicious model files on the Ollama server.

References