CVE-2025-0317
Published: 20 March 2025
Summary
CVE-2025-0317 is a high-severity Divide By Zero (CWE-369) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 13.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the division by zero flaw in the ggufPadding function triggered by malicious GGUF model uploads, preventing server crashes.
Validates the content of uploaded GGUF model files to block malformed inputs that cause division by zero in ggufPadding.
Ensures graceful handling of errors like division by zero in ggufPadding without resulting in server crash or DoS.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables a denial-of-service attack by allowing upload of a malicious GGUF model file that triggers a division-by-zero crash in the Ollama server, matching Endpoint Denial of Service: Application or System Exploitation.
NVD Description
A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to…
more
crash and resulting in a Denial of Service (DoS) attack.
Deeper analysisAI
CVE-2025-0317 is a denial-of-service vulnerability in ollama/ollama versions <=0.3.14. It stems from a division by zero error (CWE-369) in the ggufPadding function, which a malicious user can trigger by uploading and creating a customized GGUF model file on the Ollama server. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with low complexity and no privileges required.
A remote, unauthenticated attacker can exploit this vulnerability over the network by uploading a specially crafted GGUF model file to the Ollama server. Successful exploitation leads to a server crash, resulting in a denial-of-service condition that disrupts service availability without affecting confidentiality or integrity.
For mitigation details, security practitioners should consult the advisory published on Huntr at https://huntr.com/bounties/a9951bca-9bd8-49b2-b143-4cd4219f9fa0, which reported the issue as a bounty finding. The vulnerability was published on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- Classification Reason
- Ollama is a platform for serving and running LLMs locally via API, handling GGUF model files for inference, making it fit 'APIs and Models'. The vulnerability involves malicious model file upload leading to DoS during model processing.