CVE-2025-63389: A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and includ
Summary
CVE-2025-63389 is a critical vulnerability in Ollama (an AI platform) versions up to v0.12.3 where API endpoints (connection points for software communication) are exposed without authentication (verification of identity), allowing attackers to remotely perform unauthorized model management operations. The vulnerability stems from missing authentication checks on critical functions.
Vulnerability Details
9.8(critical)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-63389
First tracked: February 15, 2026 at 08:44 PM
Classified by LLM (prompt v3) · confidence: 92%