Ollama Unauthorized Access Vulnerability Due to Improper Configuration (CNVD-2025-04094)

March 13, 2025 | NSFOCUS

Overview

Recently, NSFOCUS detected that an unauthorized access vulnerability caused by improper configuration of Ollama had been disclosed online (CNVD-2025-04094). Ollama ships with no authentication or access control, so when a user exposes the service (port 11434 by default) to the public network, an unauthenticated attacker can call its API directly to steal model assets, feed false information, tamper with the system configuration, or abuse the model's inference resources. The details of the vulnerability have been publicly disclosed and it has been found in use. Affected users are advised to take protective measures as soon as possible.

Ollama is an open-source project for quickly starting a runtime environment for large open models such as Llama; it simplifies the local deployment, operation and management of large language models. By default, Ollama listens only on 127.0.0.1, so it accepts local connections only, and no authentication mechanism is enabled. Changing the OLLAMA_HOST environment variable to 0.0.0.0, a common step when other machines need to reach the service, removes that loopback-only protection without adding any authentication.

Scope of Impact

Affected version: All versions

Note: Any Ollama instance that is exposed directly to the public network with no authentication in front of it carries this risk.

Detection

Manual detection

Users can run the following command to check which address the service is bound to:

sudo netstat -tulpn | grep 11434

If the output resembles the following, the service accepts local connections only:

tcp 0 0 127.0.0.1:11434 0.0.0.0:* LISTEN 1234/ollama

If the output contains 0.0.0.0:11434 or :::11434, the service is listening on all interfaces; if the host is reachable from the public network, the service is exposed and at risk of unauthorized access:

tcp 0 0 0.0.0.0:11434 0.0.0.0:* LISTEN 5678/ollama
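The manual check above can be scripted so that it works with both netstat and the newer ss, and so that a suspected exposure is confirmed by an unauthenticated call to the Ollama API. The script below is an added example written for this advisory; it is not code from NSFOCUS or from the Ollama project. The listener lines it classifies at the end are constructed samples, not output captured from a real host, and the probe uses Ollama's documented /api/tags endpoint, which lists the models on the server.

```shell
#!/usr/bin/env sh
# Added example: classify how an Ollama listener is bound, and confirm
# exposure with an unauthenticated API request.

OLLAMA_PORT="${OLLAMA_PORT:-11434}"

# classify_listener LINE [PORT]
# Reads one line of `ss -ltnp` or `netstat -tulpn` output and prints:
#   local    bound to loopback only (127.0.0.0/8, ::1)
#   exposed  bound to a wildcard (0.0.0.0, ::, *) or a routable address
#   none     the line is not a listener on PORT
classify_listener() {
    port="${2:-$OLLAMA_PORT}"
    printf '%s\n' "$1" | awk -v port="$port" '
    {
        for (i = 1; i <= NF; i++) {
            # A local-address field ends in ":<port>"; the foreign-address
            # field ends in ":*" and the process field has no port.
            n = split($i, parts, ":")
            if (n < 2 || parts[n] != port) continue
            addr = substr($i, 1, length($i) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") {
                print "local"; exit
            }
            print "exposed"; exit
        }
        print "none"
    }'
}

# check_listeners: classify every socket on OLLAMA_PORT on this host.
check_listeners() {
    if command -v ss >/dev/null 2>&1; then
        listing=$(ss -ltnp 2>/dev/null)
    else
        listing=$(netstat -tulpn 2>/dev/null)
    fi
    printf '%s\n' "$listing" | grep ":$OLLAMA_PORT" | while IFS= read -r l; do
        printf '%-8s %s\n' "$(classify_listener "$l")" "$l"
    done
}

# probe_api HOST [PORT]
# Sends an unauthenticated GET to /api/tags. HTTP 200 means anyone who can
# reach the port can enumerate the models and call the rest of the API.
probe_api() {
    host="$1"; port="${2:-$OLLAMA_PORT}"
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
        "http://$host:$port/api/tags")
    case "$code" in
        200) echo "exposed: unauthenticated /api/tags returned 200" ;;
        000) echo "unreachable: no HTTP response from $host:$port" ;;
        *)   echo "reachable, HTTP $code (authentication or proxy in front?)" ;;
    esac
}

# Constructed sample lines (not captured from a real host), one per outcome.
SAMPLE_LOCAL='tcp 0 0 127.0.0.1:11434 0.0.0.0:* LISTEN 1234/ollama'
SAMPLE_EXPOSED='tcp 0 0 0.0.0.0:11434 0.0.0.0:* LISTEN 5678/ollama'
SAMPLE_V6='tcp6 0 0 :::11434 :::* LISTEN 5678/ollama'
for s in "$SAMPLE_LOCAL" "$SAMPLE_EXPOSED" "$SAMPLE_V6"; do
    printf '%-8s %s\n' "$(classify_listener "$s")" "$s"
done

# Run with --live to inspect the current host instead of the samples.
if [ "${1:-}" = "--live" ]; then
    check_listeners
    probe_api 127.0.0.1
fi
```

Run `sh check_ollama.sh --live` on the Ollama host; to test from the attacker's point of view, call `probe_api` with the host's public address from another machine, since a listener on 0.0.0.0 may still be shielded by an upstream firewall.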

Tool detection

NSFOCUS Automated Penetration Test Tool (EZ) supports Ollama service identification and unauthorized access detection; scan with the web module. (Note: contact NSFOCUS sales personnel for the internal version.)

Download link of the tool: https://github.com/m-sec-org/EZ/releases

Mitigation

At present, Ollama has not officially released a fixed version. Take the following protective measures as soon as possible:

1. If Ollama only needs to serve local clients, restrict it to loopback by setting the OLLAMA_HOST environment variable to 127.0.0.1. On Linux hosts where Ollama runs as a systemd service, add Environment="OLLAMA_HOST=127.0.0.1" under [Service] in a drop-in for ollama.service, run systemctl daemon-reload, and restart the service; then re-run the detection command to confirm the listener is on 127.0.0.1.

2. If Ollama must be reachable from the public network, add an authentication or access-control layer in front of it using one or more of the following methods:

(1) Restrict the IP addresses that can reach the Ollama service. Note that Ollama itself is configured through environment variables (OLLAMA_HOST, OLLAMA_ORIGINS) and has no per-client IP allow list, so a restriction described in files such as config.yaml or settings.json belongs to a front-end or wrapper application, not to Ollama; the restriction must therefore be enforced by whatever sits in front of the service (see (2) and (3));

(2) Place a reverse proxy (for example nginx) in front of Ollama and have it authenticate and authorize every caller, for example with HTTP basic authentication or an OAuth 2.0 flow, so that unauthenticated requests never reach the Ollama API;

(3) Configure an IP allow list on a firewall or similar device so that only requests from trusted IP addresses reach the service.
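Measures 1, 2 (2) and 2 (3) above can be applied together on a Linux host: pin the daemon to loopback with a systemd drop-in, then publish it only through an nginx reverse proxy that enforces both an IP allow list and HTTP basic authentication. The script below is an added example for this advisory, not configuration shipped by NSFOCUS or by the Ollama project. It assumes Ollama runs as the systemd unit ollama.service (the unit created by Ollama's Linux installer), that nginx and the htpasswd tool are installed, and it uses placeholder values for the trusted network (10.0.0.0/8), the hostname (ollama.example.internal) and the certificate paths; adjust all of them to the deployment.

```shell
#!/usr/bin/env sh
# Added example: bind Ollama to loopback and front it with an authenticating,
# IP-restricted nginx reverse proxy. Assumed: systemd unit ollama.service,
# nginx, htpasswd; placeholder hostname, CIDR and certificate paths.

# write_ollama_dropin [DIR]
# Writes the systemd drop-in that pins OLLAMA_HOST to loopback. The weak
# setting this replaces is OLLAMA_HOST=0.0.0.0, which listens on every
# interface with no authentication. DIR defaults to the real drop-in path.
write_ollama_dropin() {
    dir="${1:-/etc/systemd/system/ollama.service.d}"
    mkdir -p "$dir"
    cat > "$dir/override.conf" <<'EOF'
[Service]
# Loopback only: the reverse proxy is the sole entry point from the network.
Environment="OLLAMA_HOST=127.0.0.1:11434"
EOF
    printf '%s\n' "$dir/override.conf"
}

# write_nginx_site [DIR] [ALLOWED_CIDR]
# Writes a server block that proxies to Ollama on loopback and rejects any
# request that is outside ALLOWED_CIDR (403) or lacks valid credentials (401).
# nginx applies both checks by default ("satisfy all").
write_nginx_site() {
    dir="${1:-/etc/nginx/conf.d}"
    cidr="${2:-10.0.0.0/8}"
    mkdir -p "$dir"
    cat > "$dir/ollama.conf" <<EOF
server {
    listen 443 ssl;
    server_name ollama.example.internal;            # placeholder hostname
    ssl_certificate /etc/ssl/certs/ollama.pem;       # placeholder paths
    ssl_certificate_key /etc/ssl/private/ollama.key;

    # Network allow list: trusted range only, everything else is 403.
    allow $cidr;
    deny all;

    # Credential check on every request, including all /api/* calls.
    auth_basic "Ollama";
    auth_basic_user_file /etc/nginx/ollama.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host \$host;
        proxy_read_timeout 600s;   # generations can run for minutes
        proxy_buffering off;       # keep streamed responses streaming
    }
}
EOF
    printf '%s\n' "$dir/ollama.conf"
}

# apply: the steps an operator runs as root on the real host, followed by
# two checks: the daemon must be on loopback, and the proxy must answer an
# anonymous request with 401 before forwarding anything to Ollama.
apply() {
    write_ollama_dropin
    systemctl daemon-reload
    systemctl restart ollama
    write_nginx_site /etc/nginx/conf.d 10.0.0.0/8
    htpasswd -c /etc/nginx/ollama.htpasswd ollama-user
    nginx -t && systemctl reload nginx
    ss -ltnp | grep ':11434'                       # expect 127.0.0.1:11434
    curl -s -o /dev/null -w '%{http_code}\n' -k \
        https://127.0.0.1/api/tags                 # expect 401
}

if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

Clients then call the API through the proxy with their credentials (for example curl -u ollama-user:... https://ollama.example.internal/api/tags); a request from outside 10.0.0.0/8 is refused with 403 before the credentials are even checked.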

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.

Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies.

Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.