Cyber Resilience

CVE-2025-66960

High · Public PoC · DDoS

Published: 21 January 2026
Modified: 02 February 2026
KEV Added: none (not in CISA KEV)
Patch:
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0062 (70.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-66960 is a high-severity Improper Input Validation (CWE-20) vulnerability in Ollama (vendor: Ollama). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 29.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised under NLP and Transformers, in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-66960 is a denial-of-service vulnerability affecting Ollama version 0.12.10. The issue resides in the fs/ggml/gguf.go file, specifically the readGGUFV1String function, which reads a string length directly from untrusted GGUF metadata without proper validation. This flaw, associated with CWE-20 (Improper Input Validation) and CWE-400 (Uncontrolled Resource Consumption), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-01-21T18:16:23.950.

A remote attacker can exploit this vulnerability without authentication privileges or user interaction by supplying malicious GGUF metadata to an Ollama instance listening over the network. Successful exploitation triggers a panic or resource exhaustion in the readGGUFV1String function, resulting in high-impact denial of service that crashes the service or renders it unavailable.
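The defect described above is a length prefix taken from untrusted metadata and used without being checked against the input that is actually present. The Go program below is an added illustration written for this page, not Ollama's code: it implements a bounded reader for a GGUF v1 style string (assumed here to be a uint32 little-endian length followed by that many bytes) that validates the declared length against a policy cap and against the bytes remaining before it slices anything, which is the SI-10 input-validation control named under Mitigating Controls. The function and error names, the 64 KiB cap, and the sample records are this example's own assumptions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Errors returned by the bounded string reader. Names are this example's own.
var (
	ErrTruncated     = errors.New("gguf: declared string length exceeds remaining input")
	ErrStringTooLong = errors.New("gguf: declared string length exceeds policy limit")
)

// maxGGUFStringLen is an illustrative per-string cap (an assumption for this
// example, not a value taken from Ollama). Metadata keys and values are short;
// anything near the 4 GiB a uint32 can express is not legitimate input.
const maxGGUFStringLen = 1 << 16

// parseGGUFV1String decodes one GGUF v1 string, assumed here to be a uint32
// little-endian length prefix followed by that many bytes, from the front of
// data. The declared length is checked against the policy cap and against the
// bytes actually present before any slicing, so a hostile length field yields
// an error instead of a huge allocation or an out-of-range panic.
func parseGGUFV1String(data []byte) (s string, rest []byte, err error) {
	if len(data) < 4 {
		return "", data, fmt.Errorf("%w: need 4 length bytes, have %d", ErrTruncated, len(data))
	}
	length := binary.LittleEndian.Uint32(data[:4])
	rest = data[4:]
	if uint64(length) > maxGGUFStringLen {
		return "", rest, fmt.Errorf("%w: declared %d, limit %d", ErrStringTooLong, length, maxGGUFStringLen)
	}
	if uint64(length) > uint64(len(rest)) {
		return "", rest, fmt.Errorf("%w: declared %d, only %d bytes remain", ErrTruncated, length, len(rest))
	}
	return string(rest[:length]), rest[length:], nil
}

// parseGGUFV1Strings decodes count consecutive strings (for example a run of
// metadata keys) and stops at the first malformed one, returning what was
// parsed so far together with the error.
func parseGGUFV1Strings(data []byte, count int) ([]string, error) {
	out := make([]string, 0, count)
	for i := 0; i < count; i++ {
		s, rest, err := parseGGUFV1String(data)
		if err != nil {
			return out, fmt.Errorf("string %d: %w", i, err)
		}
		out = append(out, s)
		data = rest
	}
	return out, nil
}

// encodeGGUFV1String builds a well-formed string record; it exists only to
// construct sample input for this example.
func encodeGGUFV1String(s string) []byte {
	buf := make([]byte, 4+len(s))
	binary.LittleEndian.PutUint32(buf, uint32(len(s)))
	copy(buf[4:], s)
	return buf
}

// hostileLengthRecord is a constructed record whose length field claims
// 0xFFFFFFFF bytes while only two bytes follow. A reader that trusts the
// prefix would try to allocate or index far past the end of the input.
func hostileLengthRecord() []byte {
	return []byte{0xFF, 0xFF, 0xFF, 0xFF, 'h', 'i'}
}

func main() {
	good := append(encodeGGUFV1String("general.architecture"), encodeGGUFV1String("llama")...)
	keys, err := parseGGUFV1Strings(good, 2)
	fmt.Println(keys, err) // [general.architecture llama] <nil>

	bad := append(encodeGGUFV1String("general.name"), hostileLengthRecord()...)
	keys, err = parseGGUFV1Strings(bad, 2)
	fmt.Println(keys, err) // [general.name] string 1: ... exceeds policy limit ...
}
```

The two checks are deliberately separate: the cap rejects absurd lengths even when a file is large enough to satisfy them (so a single field cannot force a multi-gigabyte allocation), and the remaining-bytes check catches truncated or lying records that would otherwise index past the buffer. Either check alone leaves one of the two failure modes open.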

Mitigation details are available in the referenced advisories, including the Ollama GitHub issue at https://github.com/ollama/ollama/issues/9820 and the technical analysis at https://zero.shotlearni.ng/blog/cve-2025-66960guf-v1-string-length-cause-panic-in-readggufv1string/.

EU & UK References

Vulnerability details

An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via fs/ggml/gguf.go: the function readGGUFV1String reads a string length from untrusted GGUF metadata.

CWE(s)

CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption)
AI Security Analysis

AI Category: NLP and Transformers
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ggml, ollama

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The CVE describes remote exploitation of an input validation flaw in Ollama's GGUF metadata parser (readGGUFV1String) that directly triggers application panic or resource exhaustion, matching T1499.004 Application or System Exploitation for DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-66959 (same product: Ollama)
CVE-2025-0315 (same product: Ollama)
CVE-2025-15514 (same product: Ollama)
CVE-2025-0317 (same product: Ollama)
CVE-2024-8063 (same product: Ollama)
CVE-2025-0312 (same product: Ollama)
CVE-2024-12055 (same product: Ollama)
CVE-2025-63389 (same product: Ollama)
CVE-2026-7482 (same product: Ollama)
CVE-2026-33287 (shared CWE-20, CWE-400)

Affected Assets

Vendor: ollama
Product: ollama
Version: 0.12.10

Mitigating Controls

NIST 800-53 r5 controls:

Prevent: SI-10 directly addresses the improper input validation of untrusted GGUF metadata string lengths in readGGUFV1String, preventing panic or resource exhaustion.

Prevent: SI-2 ensures timely flaw remediation by patching the specific vulnerability in Ollama's GGUF parsing code.

Prevent: SC-5 implements denial-of-service protections to mitigate resource exhaustion from malicious GGUF metadata over the network.

References