How Exposed Endpoints Increase Risk Across LLM Infrastructure

As more organizations run their own Large Language Models LLMs, they are also deploying more internal services and Application Programming Interfaces APIs to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that...

GO-2025-4251 Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama

Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama...

PT-2026-2975

Ollama has missing authentication enabling attackers to perform model management operations in github.com/ollama/ollama...

Authentication Bypass

Ollama is vulnerable to an Authentication Bypass. The vulnerability is due to where critical model management APIs are exposed without access controls, allowing remote attackers to perform unauthorized operations without authentication...

CVE-2025-63389

A flaw was found in Ollama. This critical authentication bypass vulnerability allows remote attackers to perform unauthorized model management operations. The platform exposes multiple API endpoints without requiring authentication, enabling attackers to manipulate models without proper...

SUSE CVE-2025-63389

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

EUVD-2025-204310

Ollama Platform has missing authentication enabling attackers to perform model management operations...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via exposed API endpoints that do not require authentication. An attacker can perform unauthorized model management operations by sending crafted requests to these endpoints...

GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

Ollama Platform has missing authentication enabling attackers to perform model management operations

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

CVE-2025-63389

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

CVE-2025-63389

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

Ollama 安全漏洞

Ollama is a large language model that can be started and run locally from the Ollama open source. A security vulnerability exists in Ollama v0.12.3 and prior versions that stems from an authentication bypass that could lead to unauthorized model management operations...

CVE-2025-63389

CVE-2025-63389 affects Ollama Platform. The vulnerability is an authentication bypass in API endpoints present in versions prior to and including v0.12.3, allowing remote attackers to perform unauthorized model management operations. The issue is confirmed across multiple sources (including OSV e...

CVE-2025-63389

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

PT-2025-52239

Name of the Vulnerable Software and Affected Versions Ollama versions prior to 0.12.3 Description A critical issue allows attackers to bypass authentication in the Ollama platform. The platform exposes API endpoints without authentication requirements, allowing remote attackers to perform...

EUVD-2023-3225

Malicious code in bioql PyPI...

EUVD-2023-2995

Malicious code in bioql PyPI...

EUVD-2024-50914

Malicious code in bioql PyPI...

EUVD-2025-1831

Malicious code in bioql PyPI...