Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.
November 7, 2025

A set of newly discovered vulnerabilities would have enabled exploitation of the popular AI inference systems Ollama and NVIDIA Triton Inference Server. That's according to security firm Fuzzinglabs, which will unveil research on new AI infrastructure vulnerabilities on Dec. 10 as part of Black Hat Europe 2025. CEO Patrick Ventuzelo and COO Nabih Benazzouz will present the research, which covers four vulnerabilities in the AI model runner Ollama and one in NVIDIA's model deployment product, Triton Inference Server.

The Ollama flaws included denial-of-service bug CVE-2024-12886, authentication bypass vulnerability CVE-2025-51471, arbitrary file copy vulnerability CVE-2025-48889, and a heap overflow bug that has not yet received a CVE. CVE-2024-12886 was assigned a CVSS score of 7.5; the other vulnerabilities have not received scores.

In Triton Inference Server, Fuzzinglabs found a command injection vulnerability in the product's model configuration pipeline. This one, Ventuzelo tells Dark Reading, was particularly dangerous: it was easy to execute and could have reliably resulted in remote code execution. If exploited, the flaw would not have required prior authentication, and attackers would have had free rein to execute "basically … whatever we want" on a vulnerable instance.
"It was really bad," Ventuzelo says, "and really, really easy to exploit."

Though Ollama and NVIDIA have fixed the flaws, they illustrate how AI security research is increasingly focusing on the infrastructure behind popular platforms and models. In the early days following ChatGPT's public launch in November 2022, much of the research on AI and LLM security involved prompt injection: using natural language to manipulate a model into taking an action its operator did not intend (such as leaking sensitive information or hallucinating). There is still plenty of research focused on LLM prompt injections and guardrail bypasses. At the same time, more and more technical AI security research is surfacing.

Dark Reading asked Ventuzelo whether he, a red teamer who runs a security assessment firm, has noticed the same thing. "Yes, completely," he says. "As researchers, we are definitely shifting more into attacking infrastructure as well as the software running the model, and not just the model itself like before."

Ventuzelo gave two reasons for this. One, LLM models are maturing. Two, and more significantly, models are being deployed in such a way that the infrastructure itself is more prominent in environments. In turn, AI infrastructure has become a more compelling research target.

"I think it's mainly because of the fact that, before, it was mainly OpenAI running the models, but now people are starting to run models inside of infrastructure to get local AI modeling. More companies have started to run their models by themselves. That means they are running software to run and manage these models, and people [researchers and attackers] are going to be more interested in that," Ventuzelo says. "If you are running an Ollama server, is it exposed? If it's exposed in your company, that's a new target in the attack surface of your corporation."

Some of the vulnerabilities to be discussed at Black Hat Europe were originally discovered as part of Pwn2Own Berlin 2025 in May. At that vulnerability research competition, hosted by Trend Micro's Zero Day Initiative (ZDI), AI systems made their debut as official competition targets. Ventuzelo tells Dark Reading that he appreciates competitions like Pwn2Own featuring AI, as well as vendors like NVIDIA that have opened themselves up to the security research community.

The Fuzzinglabs team will also discuss the defender angle as part of the session, specifically how security teams working with AI infrastructure can better shore up their posture. Ventuzelo recommends, as many do with AI models, that organizations ensure their access control is in order. And if an enterprise is using infrastructure of this kind to run a model, it needs to make sure the deployment is properly containerized and separated from other critical parts of the environment.
Alexander Culafi, Senior News Writer, Dark Reading