How to fix CVE-2025-15063?

Within 24 hours: Identify all systems running Ollama MCP Server and isolate them from production networks if possible; disable Ollama MCP Server if not essential to operations. Within 7 days: Implement network-level access controls restricting Ollama MCP Server to trusted internal networks only; deploy WAF rules to block suspicious command execution patterns; enable enhanced logging and monitoring for all Ollama MCP Server traffic. Within 30 days: Evaluate alternative solutions; maintain continuous monitoring for vendor patch release; conduct security audit of affected systems for signs of compromise.

Is Command Injection affected by CVE-2025-15063?

CVE-2025-15063 is a critical remote code execution vulnerability in Ollama MCP Server with a 9.8 CVSS score that allows unauthenticated attackers to execute arbitrary commands. Organizations using Ollama MCP Server face immediate risk of system compromise, data breach, and operational disruption.

CVE-2025-15063

CRITICAL

2026-01-23 [email protected]

9.8

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 23, 2026 - 04:16 nvd

CRITICAL 9.8

Description

Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ollama MCP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27683.

Analysis

Ollama MCP Server has a command injection vulnerability in execAsync (EPSS 1.0%) allowing remote attackers to execute arbitrary commands on systems running the Ollama AI integration.

Technical Context

The Ollama MCP Server has a CWE-78 command injection in the execAsync function that allows remote command execution through crafted MCP protocol messages.

Affected Products

['Ollama MCP Server']

Remediation

Update the MCP server. Bind to localhost only. Sanitize all command inputs.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.0

CVSS: +49

POC: 0

CVE-2025-15063 vulnerability details – vuln.today

Back

CVE-2025-15063

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-15063

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code