{"data":{"id":"a6e1efd6-7fe0-4058-98a6-4c406ac93cec","title":"CVE-2025-51471: Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authen","summary":"Ollama version 0.6.7 has a cross-domain token exposure vulnerability (CVE-2025-51471) in its authentication system where attackers can steal authentication tokens and bypass access controls by sending a malicious realm value in a WWW-Authenticate header (a standard web authentication response) through the /api/pull endpoint. This allows remote attackers, who don't need existing access, to gain unauthorized entry to the system.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-51471","publishedAt":"2025-07-22T23:15:25.403Z","cveId":"CVE-2025-51471","cweIds":["CWE-345","CWE-384"],"cvssScore":"6.9","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00031,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}