
CVE-2025-15063

Critical · RCE

Published: 23 January 2026
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
CVSS v3 Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0211 (79.4th percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2025-15063 is a critical-severity OS Command Injection (CWE-78) vulnerability in Ollama MCP Server (the product is inferred from the ZDI advisory and the description; NVD did not file a CPE for this CVE). Its CVSS base score is 9.8 (Critical).

Operationally, its EPSS score places it in the top 20.6% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related (AI category: NLP and Transformers; risk domain: Supply Chain and Deployment). The classification is keyword-based (matched "mcp" and "ollama"): the underlying weakness is a conventional OS command injection in an MCP tool server rather than a model-specific flaw, and no OWASP Top 10 for LLMs 2025 entry is mapped.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation), which removes the root cause, and AC-3 (Access Enforcement), which keeps unauthenticated callers away from the vulnerable path.

Deeper analysis

CVE-2025-15063 is an OS command injection vulnerability (CWE-78) in the execAsync method of Ollama MCP Server. The method passes a user-supplied string to a system call without adequate validation, so attacker-supplied command syntax in that string is executed. It carries a CVSS score of 9.8.

Remote attackers can reach the flaw over the network with no authentication, no privileges and no user interaction (AV:N/AC:L/PR:N/UI:N); the injected commands run in the context of the service account that hosts the MCP server.

The vulnerability was reported as ZDI-CAN-27683 and is covered by the Zero Day Initiative advisory ZDI-26-020.

EPSS for the CVE rose from a low starting value to a recorded peak of 0.0127, indicating that exploitation interest emerged after disclosure.

Vulnerability details

Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27683.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

AI Security Analysis

AI Category: NLP and Transformers
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp, ollama

Related Threats

CVEs Like This One

CVE-2026-34940 (shared CWE-78)
CVE-2026-35043 (shared CWE-78)
CVE-2026-44345 (shared CWE-78)
CVE-2018-25115 (shared CWE-78)
CVE-2025-41276 (shared CWE-78)
CVE-2026-28463 (shared CWE-78)
CVE-2024-55590 (shared CWE-78)
CVE-2026-23678 (shared CWE-78)
CVE-2025-56089 (shared CWE-78)
CVE-2025-56087 (shared CWE-78)

Affected Assets

Ollama MCP Server (vendor and affected versions not recorded; the product is inferred from the ZDI advisory and the description, as NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly requires validation of untrusted input before it is used in system calls, eliminating the root cause of the execAsync command injection.

AC-3 Access Enforcement (prevent)
Enforces access-control decisions on the service interface so that unauthenticated remote callers cannot reach the vulnerable execAsync path.

Least Functionality (prevent; the control identifier is not recorded on the page, the description corresponds to NIST 800-53 CM-7)
Restricts the system to a minimal set of allowed commands and disables unnecessary interpreters or shells that the injection would otherwise abuse.
