CVE-2025-0317
Published: 20 March 2025
Summary
CVE-2025-0317 is a high-severity Divide By Zero (CWE-369) vulnerability in Ollama. Its CVSS base score is 7.5 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 15.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Deeper analysis
Ollama versions 0.3.14 and earlier contain a division-by-zero vulnerability in the ggufPadding function that processes uploaded GGUF model files. The flaw resides in the model's file-handling component and is tracked as CWE-369, with a CVSS 3.1 score of 7.5 indicating network attack vector, low complexity, and high availability impact.
An unauthenticated remote attacker can exploit the issue by uploading a crafted GGUF model to the Ollama server, triggering the division-by-zero error and crashing the service to achieve denial of service. No authentication or user interaction is required.
The vulnerability was disclosed via a Huntr bounty submission, though the reference contains no explicit details on patches or mitigation steps. EPSS scores remain low at a current value of 0.0209 with a peak of 0.0327, and no information on active exploitation is provided.
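As an added defensive illustration (not Ollama's own ggufPadding code), the Go snippet below places the shape of a padding computation that trusts a file-supplied alignment beside a version that validates the value before dividing; the function names, the power-of-two requirement and the sample offsets and alignments are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrBadAlignment is returned when the file-supplied alignment value cannot be
// used to compute padding (zero, or not a power of two).
var ErrBadAlignment = errors.New("gguf: invalid alignment value")

// unsafePadding has the shape of a padding computation that trusts the
// alignment read from an uploaded GGUF header. In Go, `offset % 0` panics
// with an integer divide by zero, which is the crash class this CVE describes.
// Constructed illustration, not Ollama's ggufPadding.
func unsafePadding(offset, alignment uint64) uint64 {
	return (alignment - offset%alignment) % alignment
}

// safePadding checks the untrusted alignment before dividing and returns an
// error instead of panicking. The power-of-two check is an assumed
// defense-in-depth rule for GGUF alignment values.
func safePadding(offset, alignment uint64) (uint64, error) {
	if alignment == 0 || alignment&(alignment-1) != 0 {
		return 0, ErrBadAlignment
	}
	return (alignment - offset%alignment) % alignment, nil
}

// panicsOnPadding reports whether the trusting version crashes for the given
// input; it recovers the panic so the caller stays alive.
func panicsOnPadding(offset, alignment uint64) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	_ = unsafePadding(offset, alignment)
	return false
}

func main() {
	// Constructed sample alignments: valid, the zero that crashes the
	// unchecked version, and a non-power-of-two value.
	for _, a := range []uint64{32, 0, 48} {
		p, err := safePadding(100, a)
		fmt.Printf("alignment=%2d crashUnchecked=%-5v safePadding=%d err=%v\n",
			a, panicsOnPadding(100, a), p, err)
	}
}
```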
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6832
Vulnerability details
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack.
CWE(s): CWE-369 (Divide By Zero)
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: no category given
- Classification Reason: matched keywords: ollama
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a denial-of-service attack by allowing upload of a malicious GGUF model file that triggers a division-by-zero crash in the Ollama server, matching Endpoint Denial of Service: Application or System Exploitation.
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation (control identifier not given on this page): directly remediates the division by zero flaw in the ggufPadding function triggered by malicious GGUF model uploads, preventing server crashes.
- SI-10 (Information Input Validation): validates the content of uploaded GGUF model files to block malformed inputs that cause division by zero in ggufPadding.
- SI-11 (Error Handling): ensures graceful handling of errors like division by zero in ggufPadding without resulting in a server crash or DoS.