Cyber Resilience

CVE-2025-66959

High · Public PoC · DDoS

Published: 21 January 2026

Modified: 02 February 2026
KEV Added: not listed
Patch: none listed
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0062 (70.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-66959 is a high-severity Improper Input Validation (CWE-20) vulnerability in the Ollama product (vendor Ollama). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 29.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-66959 is a denial-of-service vulnerability in Ollama version 0.12.10, published on 2026-01-21. The flaw exists in the GGUF decoder and is classified under CWE-20 (Improper Input Validation) and CWE-400 (Uncontrolled Resource Consumption). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability impact.

A remote, unauthenticated attacker can exploit the vulnerability over the network with low attack complexity and no user interaction required. By crafting malicious input targeting the GGUF decoder, the attacker triggers a denial of service, such as a panic or crash, disrupting service availability without compromising confidentiality or integrity.

Mitigation details are available in the referenced advisories, including the Ollama GitHub issue at https://github.com/ollama/ollama/issues/9820 and the technical analysis at https://zero.shotlearni.ng/blog/cve-2025-66959panic-dos-via-unchecked-length-in-gguf-decoder-copy/. Security practitioners should consult these for patch information and recommended updates.

EU & UK References

Vulnerability details

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder

CWE(s)

CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption)

AI Security Analysis

AI Category: NLP and Transformers
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ollama

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote exploitation of input validation flaw in GGUF decoder directly enables application/system crash for denial of service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-66960 (same product: Ollama Ollama)
CVE-2025-0315 (same product: Ollama Ollama)
CVE-2025-15514 (same product: Ollama Ollama)
CVE-2025-0317 (same product: Ollama Ollama)
CVE-2024-8063 (same product: Ollama Ollama)
CVE-2025-0312 (same product: Ollama Ollama)
CVE-2024-12055 (same product: Ollama Ollama)
CVE-2025-63389 (same product: Ollama Ollama)
CVE-2026-7482 (same product: Ollama Ollama)
CVE-2026-33287 (shared CWE-20, CWE-400)

Affected Assets

Vendor: ollama
Product: ollama
Version: 0.12.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 (prevent): requires validating inputs to the GGUF decoder, directly addressing the improper input validation (CWE-20) that enables the DoS crash.

SC-5 (prevent): provides denial-of-service protection mechanisms to mitigate uncontrolled resource consumption (CWE-400) from malicious GGUF inputs causing service crashes.

SI-2 (prevent): ensures timely flaw remediation by applying patches for the known GGUF decoder vulnerability in Ollama v0.12.10.
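The following Go example is added here to illustrate both the crash class described under "Deeper analysis" (a length field taken from the file and used in a copy without checking it against the bytes actually present) and the SI-10 input-validation control above. It is not Ollama's code and does not reproduce the real GGUF decoder: the record layout (an 8-byte little-endian length followed by that many bytes), the `MaxStringLen` cap, and all function names are assumptions made for the illustration; the sample records are constructed inline.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical record layout, loosely modelled on a GGUF string value: an
// 8-byte little-endian length followed by that many bytes. This is an added
// illustration, not Ollama's decoder.

// MaxStringLen is an assumed hard cap a decoder enforces regardless of how
// large the input file is, so a single field cannot drive allocation size.
const MaxStringLen = 1 << 20

// ErrBadLength is returned when the declared length overruns the input.
var ErrBadLength = errors.New("gguf: declared length exceeds remaining input")

// ErrTruncated is returned when not even the length prefix is present.
var ErrTruncated = errors.New("gguf: truncated length prefix")

// readStringUnchecked trusts the declared length. When it exceeds what is
// left in buf, the slice expression panics ("slice bounds out of range");
// an unrecovered panic of this kind terminates the whole process, which is
// the availability impact the advisory describes (CWE-20 / CWE-400).
func readStringUnchecked(buf []byte) string {
	n := binary.LittleEndian.Uint64(buf[:8])
	return string(buf[8 : 8+n]) // no check that 8+n <= len(buf)
}

// ReadStringChecked validates the declared length against a fixed cap and
// against the bytes actually available before copying (SI-10 style input
// validation). It returns the string and the number of bytes consumed.
func ReadStringChecked(buf []byte) (string, int, error) {
	if len(buf) < 8 {
		return "", 0, ErrTruncated
	}
	n := binary.LittleEndian.Uint64(buf[:8])
	if n > MaxStringLen {
		return "", 0, fmt.Errorf("gguf: string length %d exceeds cap %d: %w", n, MaxStringLen, ErrBadLength)
	}
	if n > uint64(len(buf)-8) {
		return "", 0, ErrBadLength
	}
	end := 8 + int(n)
	return string(buf[8:end]), end, nil
}

// DecodePanics runs the unchecked decoder under recover and reports whether
// it panicked, so the crash can be observed without taking the process down.
func DecodePanics(buf []byte) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	_ = readStringUnchecked(buf)
	return false
}

// Record builds a constructed sample: the declared length followed by payload.
// A well-formed record uses declared == len(payload); a crafted one lies.
func Record(declared uint64, payload string) []byte {
	buf := make([]byte, 8, 8+len(payload))
	binary.LittleEndian.PutUint64(buf, declared)
	return append(buf, payload...)
}

func main() {
	good := Record(5, "llama")
	bad := Record(1<<40, "abc") // declares a terabyte, ships three bytes

	s, used, err := ReadStringChecked(good)
	fmt.Printf("checked good: %q used=%d err=%v\n", s, used, err)
	_, _, err = ReadStringChecked(bad)
	fmt.Printf("checked bad: err=%v\n", err)
	fmt.Printf("unchecked bad panics: %v\n", DecodePanics(bad))
}
```

The two checks in `ReadStringChecked` serve different controls: the comparison against the remaining input prevents the out-of-range copy (the panic), while the independent cap bounds how much memory one field can request even when the file really is that large, which is the resource-consumption side of the same flaw. Both return an error to the caller so a malformed model file is rejected rather than crashing the server.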

References