Cyber Resilience

CVE-2025-15514

High · Public PoC · Updated

Published: 12 January 2026
Modified: 30 June 2026
KEV Added: not listed
Patch
CVSS Score (v4): 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0063 (45.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-15514 is a high-severity Use of NullPointerException Catch to Detect NULL Pointer Dereference (CWE-395) vulnerability in Ollama (vendor: Ollama). Its CVSS v4.0 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-15514 is a null pointer dereference vulnerability affecting Ollama versions 0.11.5-rc0 through 0.13.5 in the multi-modal model image processing functionality. The issue arises when processing base64-encoded image data submitted via the /api/chat endpoint. The application does not validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function, which can return NULL for malformed input. Subsequent code fails to check this return value before dereferencing the pointer, leading to a segmentation fault.

A remote attacker with network access can exploit this vulnerability without authentication or user interaction by sending specially crafted base64-encoded image data that decodes to invalid media. This crashes the runner process, producing a denial-of-service condition in which the model is unavailable to all users until the service is manually restarted. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-395 (Use of NullPointerException Catch to Detect NULL Pointer Dereference).

Advisories and reports detailing the vulnerability and potential mitigations are available from sources including the official Ollama GitHub repository at https://github.com/ollama/ollama, a Huntr bounty report at https://huntr.com/bounties/172df98b-07cd-41ea-a628-366f8cd525c0, the Ollama website at https://ollama.com/, and a Vulncheck advisory at https://www.vulncheck.com/advisories/ollama-multi-modal-image-processing-null-pointer-dereference. Security practitioners should consult these for patch information and remediation guidance.

EU & UK References

Vulnerability details

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid media before passing it to the mtmd_helper_bitmap_init_from_buf function. This function can return NULL for malformed input, but the code does not check this return value before dereferencing the pointer in subsequent operations. A remote attacker can exploit this by sending specially crafted base64 image data that decodes to invalid media, causing a segmentation fault and crashing the runner process. This results in a denial of service condition where the model becomes unavailable to all users until the service is restarted.

CWE(s)

AI Security Analysis

AI Category: NLP and Transformers
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ollama

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Null dereference in unauthenticated public /api/chat endpoint allows remote DoS via crafted input, directly mapping to public app exploitation and application-layer DoS via vulnerability trigger.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-0315 (same product: Ollama)
CVE-2024-12055 (same product: Ollama)
CVE-2025-0312 (same product: Ollama)
CVE-2025-66960 (same product: Ollama)
CVE-2024-8063 (same product: Ollama)
CVE-2025-0317 (same product: Ollama)
CVE-2025-66959 (same product: Ollama)
CVE-2026-7482 (same product: Ollama)
CVE-2025-63389 (same product: Ollama)
CVE-2026-42249 (same product: Ollama)

Affected Assets

ollama / ollama: 0.11.5 · 0.11.6 through 0.13.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Control (prevent): Directly addresses the CVE by requiring identification, reporting, correction, and verification of the null pointer dereference flaw in Ollama's image processing code.

Control (prevent): Mandates validation of base64-encoded image inputs at the /api/chat endpoint to ensure decoded data is valid media before passing to mtmd_helper_bitmap_init_from_buf.

Control (prevent): Requires proper error handling for NULL returns from mtmd_helper_bitmap_init_from_buf to avoid dereferencing and subsequent segmentation fault.
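The two controls above (input validation before the decoder, NULL handling after it) are easiest to see side by side in code. The following is an added illustration written for this page; it is not Ollama's or llama.cpp's code. The `bitmap_t` type, the `bitmap_init_from_buf_stub` function standing in for `mtmd_helper_bitmap_init_from_buf`, the `IMG_*` error codes and every sample input are constructed assumptions; the stub returns NULL for anything without a PNG or JPEG signature and for buffers shorter than 16 bytes, which is a simplification chosen only so that the NULL path can be exercised.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration: none of the types or functions here are Ollama's. */
typedef struct { int width; int height; } bitmap_t;

static const uint8_t png_sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
static const uint8_t jpg_sig[3] = {0xFF, 0xD8, 0xFF};

/* Assumed stand-in for mtmd_helper_bitmap_init_from_buf(): NULL when the bytes
 * carry no known image signature or (mimicking a decoder that gives up on
 * truncated data) when fewer than 16 bytes are present. */
static bitmap_t *bitmap_init_from_buf_stub(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 16) return NULL;
    if (memcmp(buf, png_sig, 8) != 0 && memcmp(buf, jpg_sig, 3) != 0) return NULL;
    bitmap_t *b = malloc(sizeof *b);
    if (b == NULL) return NULL;
    b->width = 1;   /* placeholder dimensions; a real decoder parses them */
    b->height = 1;
    return b;
}

static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Strict standard base64 decoder: returns the decoded length, or -1 for any
 * malformed input (bad length, bad character, misplaced padding, overflow). */
static long b64_decode(const char *in, uint8_t *out, size_t out_cap) {
    size_t n = strlen(in);
    long outlen = 0;
    if (n % 4 != 0) return -1;
    for (size_t i = 0; i < n; i += 4) {
        int v[4] = {0, 0, 0, 0}, pad = 0;
        for (int k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            if (c == '=') {
                if (k < 2 || i + 4 != n) return -1;   /* padding only at the very end */
                pad++;
            } else {
                if (pad) return -1;                    /* data after padding */
                v[k] = b64_val(c);
                if (v[k] < 0) return -1;
            }
        }
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        if ((size_t)outlen + (size_t)(3 - pad) > out_cap) return -1;
        out[outlen++] = (uint8_t)(triple >> 16);
        if (pad < 2) out[outlen++] = (uint8_t)(triple >> 8);
        if (pad < 1) out[outlen++] = (uint8_t)triple;
    }
    return outlen;
}

/* SI-10 style input validation: only bytes with a known image signature reach the decoder. */
static int looks_like_supported_image(const uint8_t *buf, size_t len) {
    return (len >= 8 && memcmp(buf, png_sig, 8) == 0) ||
           (len >= 3 && memcmp(buf, jpg_sig, 3) == 0);
}

/* The pattern the advisory describes: the decoder result is dereferenced without a
 * NULL check, so malformed input crashes the process here. Shown for contrast only. */
int image_area_vulnerable(const uint8_t *buf, size_t len) {
    bitmap_t *bmp = bitmap_init_from_buf_stub(buf, len);
    int area = bmp->width * bmp->height;   /* NULL dereference on bad input */
    free(bmp);
    return area;
}

enum { IMG_OK = 0, IMG_BAD_BASE64, IMG_NOT_MEDIA, IMG_DECODE_FAILED };

/* Hardened request handler: validate before decoding (SI-10) and turn a NULL
 * result into a client-facing error instead of a runner crash (SI-11). */
int handle_image_request(const char *b64, int *out_area) {
    uint8_t raw[4096];
    long n = b64_decode(b64, raw, sizeof raw);
    if (n < 0) return IMG_BAD_BASE64;
    if (!looks_like_supported_image(raw, (size_t)n)) return IMG_NOT_MEDIA;
    bitmap_t *bmp = bitmap_init_from_buf_stub(raw, (size_t)n);
    if (bmp == NULL) return IMG_DECODE_FAILED;   /* the check the advisory says was missing */
    if (out_area) *out_area = bmp->width * bmp->height;
    free(bmp);
    return IMG_OK;
}

int main(void) {
    /* Constructed inputs: 16-byte PNG prefix, signature-only PNG, plain text, junk. */
    const char *samples[] = {"iVBORw0KGgoAAAANSUhEUg==", "iVBORw0KGgo=",
                             "aGVsbG8gd29ybGQ=", "not base64!"};
    for (size_t i = 0; i < 4; i++) {
        int area = 0, rc = handle_image_request(samples[i], &area);
        printf("%-26s -> rc=%d area=%d\n", samples[i], rc, area);
    }
    uint8_t raw[64];
    long n = b64_decode(samples[0], raw, sizeof raw);
    printf("vulnerable path on valid input: area=%d\n", image_area_vulnerable(raw, (size_t)n));
    return 0;
}
```

The second sample is the instructive one: it passes the signature check, so validation alone would not have saved the runner, and only the explicit NULL check after the decoder turns the failure into `IMG_DECODE_FAILED` rather than a segmentation fault. In a real service that return code would map to a 4xx response and a log line, leaving the model available to other clients.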

References