{"data":{"id":"60c9813d-0dd8-484e-a82e-f0459c92b4dc","title":"CVE-2025-15063: Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote atta","summary":"Ollama MCP Server contains a command injection vulnerability (a flaw where an attacker can insert malicious commands into user input that gets executed) in its execAsync method that allows unauthenticated attackers to run arbitrary code on the affected system. The vulnerability exists because the server doesn't properly validate user input before passing it to system commands, letting attackers execute code with the same privileges as the service running the server.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-15063","publishedAt":"2026-01-23T09:16:01.170Z","cveId":"CVE-2025-15063","cweIds":["CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Ollama","Ollama MCP Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00979,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}