CVE-2025-66960 is a vulnerability identified in the open-source or proprietary software component ollama, specifically version 0.12.10. The issue arises in the function readGGUFV1String located in the source file fs/ggml/gguf.go. This function is responsible for reading string lengths from GGUF metadata, which is untrusted input. Due to insufficient validation of the string length value, a remote attacker can supply malformed GGUF metadata that triggers excessive resource consumption or crashes the application, resulting in a denial of service (DoS). The vulnerability is categorized under CWE-400, indicating uncontrolled resource consumption, and CWE-20, which involves improper input validation. The CVSS v3.1 base score is 7.5, reflecting high severity, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impact limited to availability (A:H) without affecting confidentiality or integrity. No patches or fixes are currently listed, and no exploits have been reported in the wild as of the publication date (January 21, 2026). This vulnerability could be exploited by attackers to disrupt services relying on ollama, potentially impacting AI/ML workflows or applications that utilize GGUF metadata parsing. The lack of authentication or user interaction requirements increases the risk of automated exploitation attempts.

For European organizations, the primary impact of CVE-2025-66960 is the potential for denial of service attacks that could disrupt critical AI/ML services or software relying on ollama components. This could lead to downtime, loss of productivity, and interruption of business operations, particularly in sectors heavily dependent on AI technologies such as finance, healthcare, manufacturing, and research institutions. The vulnerability does not compromise data confidentiality or integrity but can degrade system availability, which is critical for real-time or high-availability environments. Organizations running vulnerable versions in production or development environments may face increased risk of targeted attacks or automated scanning. Additionally, the disruption could affect supply chains or collaborative projects involving AI models if shared infrastructure is impacted. The lack of known exploits currently provides a window for proactive mitigation, but the ease of exploitation and network accessibility make timely remediation essential.

1. Monitor official ollama repositories and vendor communications for patches or updates addressing CVE-2025-66960 and apply them promptly once available. 2. Implement network-level access controls to restrict exposure of services parsing GGUF metadata to trusted internal networks or VPNs only. 3. Employ input validation and sanitization mechanisms at the application or middleware layer to detect and reject malformed GGUF metadata before processing. 4. Use runtime application self-protection (RASP) or web application firewalls (WAF) with custom rules to detect anomalous requests targeting the vulnerable function. 5. Conduct regular vulnerability scanning and penetration testing focused on AI/ML components and their dependencies. 6. Establish monitoring and alerting for unusual resource consumption or application crashes related to ollama services. 7. Educate development and security teams about the risks of improper input validation in AI/ML software to prevent similar issues in future code. 8. Consider isolating or sandboxing the processing of untrusted GGUF metadata to limit the impact of potential exploitation.