CNNVD-202507-2911 Information

CNNVD ID

CNNVD-202507-2911

Related CVE

CVE-2025-51471

• CNNVD Published: 2025-07-22

Description (Chinese)

Ollama是Ollama开源的一个可以在本地启动并运行的大型语言模型。 Ollama 0.6.7版本存在安全漏洞，该漏洞源于server.auth.getAuthorizationToken存在跨域令牌暴露漏洞，可能导致绕过访问控制。

Description (English)

Ollama is a large-scale local language model that can be started and run locally. Release 0.6.7 of Ollama has a security loophole, which stems from the presence of cross-domain token token, which may lead to bypassing access controls.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Ollama

Published

2025-07-22

Last Modified

2026-02-24

References

https://github.com/ollama/ollama https://www.gecko.security/blog/cve-2025-51471 https://github.com/ollama/ollama/pull/10750 https://nvd.nist.gov/vuln/detail/CVE-2025-51471

Patch

https://github.com/ollama/ollama/releases