{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1975", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-03-04T21:57:53.651Z", "datePublished": "2025-05-16T08:25:57.177Z", "dateUpdated": "2025-05-16T15:50:11.815Z"}, "containers": {"cna": {"title": "Improper Validation of Array Index in ollama/ollama", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-05-16T08:25:57.177Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash."}], "affected": [{"vendor": "ollama", "product": "ollama/ollama", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acd"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-129 Improper Validation of Array Index", "cweId": "CWE-129"}]}], "source": {"advisory": "921ba5d4-f1d0-4c66-9764-4f72dffe7acd", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T15:50:00.712099Z", "id": "CVE-2025-1975", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T15:50:11.815Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1975", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-16T15:50:00.712099Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T15:50:06.022Z"}}], "cna": {"title": "Improper Validation of Array Index in ollama/ollama", "source": {"advisory": "921ba5d4-f1d0-4c66-9764-4f72dffe7acd", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ollama", "product": "ollama/ollama", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acd"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-05-16T08:25:57.177Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1975", "state": "PUBLISHED", "dateUpdated": "2025-05-16T15:50:11.815Z", "dateReserved": "2025-03-04T21:57:53.651Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-05-16T08:25:57.177Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ollama:ollama:0.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "DEA55A78-DD60-4F94-87FE-C0F18323C758", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash."}, {"lang": "es", "value": "Una vulnerabilidad en la versi\u00f3n 0.5.11 del servidor Ollama permite a un usuario malintencionado provocar un ataque de denegaci\u00f3n de servicio (DoS) personalizando el contenido del manifiesto y suplantando un servicio. Esto se debe a una validaci\u00f3n incorrecta del acceso al \u00edndice de la matriz al descargar un modelo mediante el endpoint /api/pull, lo que puede provocar un fallo del servidor."}], "id": "CVE-2025-1975", "lastModified": "2025-06-24T16:40:44.220", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-05-16T09:15:17.980", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acd"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@huntr.dev", "type": "Primary"}]}

{"bugzilla": {"description": "ollama: Improper Validation of Array Index in ollama/ollama", "id": "2366820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366820"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-129", "details": ["A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.", "A flaw was discovered in Ollama. This flaw allows a malicious to cause a denial of service (DoS) attack in affected versions by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-1975", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-05-16T08:25:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1975\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1975\nhttps://huntr.com/bounties/921ba5d4-f1d0-4c66-9764-4f72dffe7acd"], "statement": "Ansible LightSpeed does not use Ollama and is not installed in this image, therefore this product is not vulnerable by this flaw.", "threat_severity": "Important"}

{}