
Updated document date: March 03, 2025

Ollama /api/tags Unauthorized Access Vulnerability (CNVD-2025-04094)

| Vulnerability | Ollama /api/tags Unauthorized Access Vulnerability (CNVD-2025-04094) |
| --- | --- |
| Chinese name | Ollama /api/tags 未授权访问漏洞CNVD-2025-04094 |
| CVSS score | 6.50 |
| FOFA Query | `app="Ollama"` |
| Number of assets affected | 2.3W+ |
| Description | Ollama is an open-source Large Language Model (LLM) runtime environment and toolkit designed to help developers easily deploy, manage, and use models such as DeepSeek. Recently, it was disclosed that if Ollama directly exposes the service port (default 11434) to the public network and does not enable an authentication mechanism, remote attackers can access its high-risk interfaces without authorization. |
| Impact | Attackers may exploit these unauthorized interfaces to access sensitive data, abuse resources, or tamper with system configurations, further escalating the attack. |
| Affected versions | all |
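
The exposure condition in the description can be checked on a host you administer. The following is an added example, not part of the original advisory or of Ollama: it parses Linux `ss -H -ltn` output and reports listeners on the default port 11434 that are bound to anything other than loopback. The function names and the sample output are constructed for illustration.

```python
import ipaddress

OLLAMA_PORT = 11434  # default service port named in the advisory

# Constructed sample in `ss -H -ltn` format (several bind variants, not from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:11434 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
LISTEN 0 4096 [::1]:11434 [::]:*
LISTEN 0 4096 192.0.2.10:11434 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
"""

def split_local(addr):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = addr.rpartition(":")
    # Drop a %iface scope first, then IPv6 brackets.
    return host.split("%", 1)[0].strip("[]"), port

def classify(host):
    """Return 'loopback', 'all-interfaces', 'specific-address' or 'unknown'."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    return "loopback" if ip.is_loopback else "specific-address"

def exposed_listeners(ss_output, port=OLLAMA_PORT):
    """List (local_address, kind) for listeners on `port` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, p = split_local(fields[3])
        if p == str(port) and classify(host) != "loopback":
            findings.append((fields[3], classify(host)))
    return findings

if __name__ == "__main__":
    for local, kind in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {OLLAMA_PORT} reachable beyond loopback: {local} ({kind})")
```

A non-loopback bind is the precondition the advisory describes; whether the port is reachable from the public network still depends on the firewall and any authenticating proxy in front of it.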