Notice on the security risks of the large model tool Ollama

Written by
Silas Grey
Updated on: July 14th, 2025
Recommendation

An in-depth analysis of the security risks of the Ollama large model tool to protect your data and model security.
Core content:
1. Security vulnerabilities and risk analysis of Ollama's default configuration
2. Specific cases of unauthorized access, data leakage, and attackers exploiting vulnerabilities
3. Security reinforcement recommendations and vulnerability repair guide for Ollama

Yang Fangxian
Founder of 53AI/Most Valuable Expert of Tencent Cloud (TVP)
According to the analysis of the Joint Research Center for Cyberspace Mapping of Tsinghua University, the default configuration of the open source cross-platform large model tool Ollama carries security risks such as unauthorized access and model theft. Given that research, deployment and application of large models such as DeepSeek are very widespread, and that most users deploy Ollama privately without modifying the default configuration, this creates risks of data leakage, computing power theft and service interruption, which can easily lead to network and data security incidents.


1. Details of potential risks


When Ollama is used to deploy large models such as DeepSeek locally, it starts a local web service that listens on port 11434 by default without any authentication mechanism. If this service is exposed directly to the public network, it carries the following risks:


1. Unauthorized access: unauthorized users can reach the model at will and use common tools to operate directly on the model and its data. Attackers can call model services and obtain model information without authenticating, and can even delete model files or steal data through malicious instructions.


2. Data leakage: model data can be read and extracted through specific interfaces, which may lead to data leakage. For example, through the /api/show interface an attacker can obtain sensitive information such as the model's license, and other interfaces expose further sensitive data about the deployed model.


3. Attackers can exploit historical vulnerabilities in the Ollama framework (CVE-2024-39720/39722/39719/39721) to call the model interface directly and perform operations such as data poisoning, parameter theft, malicious file upload and deletion of key components, putting the core data, algorithm integrity and operational stability of the model service at risk.


2. Security reinforcement suggestions


1. Limit the Ollama listening address: allow only local (loopback) access to port 11434 and verify the port status.


2. Configure firewall rules: implement bidirectional port filtering on the public network interface and block inbound and outbound traffic on port 11434.


3. Implement multi-layer authentication and access control: enable API key management, rotate keys regularly and rate-limit calls. Deploy an IP whitelist or a zero-trust architecture so that only trusted devices are authorized to access the service.


4. Disable dangerous operation interfaces such as push/delete/pull, and rate-limit the chat interface to prevent DDoS attacks.


5. Historical vulnerability repair: update Ollama to a secure version promptly and patch known security vulnerabilities.
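Steps 1 and 2 above, as an added example that is not part of this notice or of the Ollama project: a POSIX shell audit that classifies the port 11434 listener reported by `ss -ltn` and prints the loopback bind setting and firewall rules to apply. OLLAMA_HOST is Ollama's own bind-address variable; the ollama.service unit name, the drop-in path, the iptables rules and the eth0 interface name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original notice or of Ollama itself:
# audit the listener on Ollama's default port 11434 from `ss -ltn`
# output and print the settings for hardening steps 1 and 2.
# Assumes Ollama runs as the standard ollama.service systemd unit;
# OLLAMA_HOST is Ollama's own bind-address variable.
OLLAMA_PORT=11434

# Classify every socket on $OLLAMA_PORT in the given `ss -ltn` output:
# "exposed" if any listener is on a wildcard or non-loopback address,
# "local" if all are loopback, "none" if the port is not listening.
classify_listeners() {
  printf '%s\n' "$1" | awk -v port="$OLLAMA_PORT" '
    NR > 1 {
      n = split($4, a, ":"); if (n < 2 || a[n] != port) next
      addr = $4; sub(/:[0-9]+$/, "", addr); found = 1
      if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
    }
    END { if (!found) print "none"; else if (exposed) print "exposed"; else print "local" }'
}

# Step 1: systemd drop-in pinning Ollama to loopback (path assumed).
systemd_override() {
  cat <<'EOF'
# /etc/systemd/system/ollama.service.d/override.conf
[Service]
Environment="OLLAMA_HOST=127.0.0.1:11434"
EOF
}

# Step 2: drop inbound and outbound 11434 on the public interface
# (eth0 is a placeholder name).
firewall_rules() {
  iface="${1:-eth0}"
  printf 'iptables -A INPUT  -i %s -p tcp --dport %s -j DROP\n' "$iface" "$OLLAMA_PORT"
  printf 'iptables -A OUTPUT -o %s -p tcp --sport %s -j DROP\n' "$iface" "$OLLAMA_PORT"
}

# Constructed sample of `ss -ltn` output; live use: classify_listeners "$(ss -ltn)"
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:11434       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*'

case "$(classify_listeners "$SAMPLE_SS")" in
  exposed) echo "port $OLLAMA_PORT is reachable from the network; apply:"
           systemd_override; firewall_rules ;;
  local)   echo "port $OLLAMA_PORT is bound to loopback only" ;;
  none)    echo "no listener on port $OLLAMA_PORT" ;;
esac
```

After applying the drop-in, run `systemctl daemon-reload && systemctl restart ollama` and re-run the audit on real `ss -ltn` output to confirm the port shows as local.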


At present, a large number of servers with such security risks have been exposed on the Internet. It is recommended that users strengthen the risk investigation, carry out security reinforcement in a timely manner, report to the local public security network security department as soon as possible when they find a network attack, and cooperate with the public security network security department to carry out investigation and disposal.


The National Cyberspace and Information Security Information Notification Center will further strengthen monitoring and issue follow-up notifications in a timely manner.