CVE-2025-51471 — Ollama vulnerable to Cross-Domain Token Exposure in github.com/ollama/ollama

Description

Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.

How to fix CVE-2025-51471

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed
—no fix listed
—no fix listed

Is CVE-2025-51471 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, <= 0.9.6
from 0
from 0, <= 0.6.7-NA

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

References (7)

ADVISORYgithub.com/advisories/GHSA-x9hg-5q6g-q3jr
ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-51471
EXPLOITwww.gecko.security/blog/cve-2025-51471
PATCHgithub.com/ollama/ollama
REPORTgithub.com/ollama/ollama/pull/10750