What is the CVSS score of CVE-2025-15063?

CVE-2025-15063 has a CVSS 3.0 base score of 9.8 (Critical). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.0%.

Which versions of AI / ML are affected by CVE-2025-15063?

CVE-2025-15063 is a critical remote code execution vulnerability in Ollama MCP Server with a 9.8 CVSS score that allows unauthenticated attackers to execute arbitrary commands.

How to fix or mitigate CVE-2025-15063?

Within 24 hours: Identify all systems running Ollama MCP Server and isolate them from production networks if possible; disable Ollama MCP Server if not essential to operations. Within 7 days: Implement network-level access controls restricting Ollama MCP Server to trusted internal networks only; deploy WAF rules to block suspicious command execution patterns; enable enhanced logging and monitoring for all Ollama MCP Server traffic. Within 30 days: Evaluate alternative solutions; maintain continuous monitoring for vendor patch release; conduct security audit of affected systems for signs of compromise.

AI / ML CVE-2025-15063

CRITICAL

OS Command Injection (CWE-78)

2026-01-23 zdi-disclosures@trendmicro.com

RCE Command Injection AI / ML Ollama

9.8

CVSS 3.0 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 23, 2026 - 04:16 nvd

CRITICAL 9.8

DescriptionCVE.org

Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27683.

AnalysisAI

Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.

Technical ContextAI

The Ollama MCP Server has a CWE-78 command injection in the execAsync function that allows remote command execution through crafted MCP protocol messages.

Affected ProductsAI

Ollama MCP Server

RemediationAI

Update the MCP server. Bind to localhost only. Sanitize all command inputs.

CVE-2025-15063 vulnerability details – vuln.today

Back

AI / ML CVE-2025-15063

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code