Cyber Resilience

CVE-2025-0317

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
02 April 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0209 84.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0317 is a high-severity Divide By Zero (CWE-369) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 15.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

Ollama versions 0.3.14 and earlier contain a division-by-zero vulnerability in the ggufPadding function that processes uploaded GGUF model files. The flaw resides in the model's file-handling component and is tracked as CWE-369, with a CVSS 3.1 score of 7.5 indicating network attack vector, low complexity, and high availability impact.

An unauthenticated remote attacker can exploit the issue by uploading a crafted GGUF model to the Ollama server, triggering the division-by-zero error and crashing the service to achieve denial of service. No authentication or user interaction is required.

The vulnerability was disclosed via a Huntr bounty submission, though the reference contains no explicit details on patches or mitigation steps. EPSS scores remain low at a current value of 0.0209 with a peak of 0.0327, and no information on active exploitation is provided.

EU & UK References

Vulnerability details

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to…

more

crash and resulting in a Denial of Service (DoS) attack.

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
LLM01:2025 Prompt Injection
Classification Reason
Matched keywords: ollama

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables a denial-of-service attack by allowing upload of a malicious GGUF model file that triggers a division-by-zero crash in the Ollama server, matching Endpoint Denial of Service: Application or System Exploitation.

CVEs Like This One

CVE-2024-8063Same product: Ollama Ollama
CVE-2025-0315Same product: Ollama Ollama
CVE-2025-0312Same product: Ollama Ollama
CVE-2024-12055Same product: Ollama Ollama
CVE-2025-66959Same product: Ollama Ollama
CVE-2025-66960Same product: Ollama Ollama
CVE-2025-15514Same product: Ollama Ollama
CVE-2025-63389Same product: Ollama Ollama
CVE-2026-7482Same product: Ollama Ollama
CVE-2026-25799Shared CWE-369

Affected Assets

ollama
ollama
≤ 0.3.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the division by zero flaw in the ggufPadding function triggered by malicious GGUF model uploads, preventing server crashes.

prevent

Validates the content of uploaded GGUF model files to block malformed inputs that cause division by zero in ggufPadding.

prevent

Ensures graceful handling of errors like division by zero in ggufPadding without resulting in server crash or DoS.

References