Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-0312
CVE-2025-0312:
Wolfi vulnerability analysis and mitigation
Overview
A vulnerability identified as CVE-2025-0312 affects ollama/ollama versions 0.3.14 and earlier. The vulnerability was discovered and disclosed on March 20, 2025, and allows malicious users to create customized GGUF model files that can trigger a null pointer dereference on the Ollama server (NVD).
Technical details
The vulnerability is classified as a NULL Pointer Dereference (CWE-476) that occurs when processing customized GGUF model files. The CVSS v3.1 base score is 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with low attack complexity and no required privileges or user interaction (NVD).
Impact
When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition through remote network access, causing the Ollama server to crash (NVD).
Mitigation and workarounds
Users should upgrade their Ollama installations to versions newer than 0.3.14 to address this vulnerability (NVD).
Additional resources
Source: This report was generated using AI
Related Wolfi vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management