Buffer Overflow Vulnerability in Llama.cpp Affects Multiple Large Language Models
CVE-2025-49847

8.8HIGH

Key Information:

Vendor: Ggml-org
Status: Llama.cpp
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-49847?

The vulnerability in Llama.cpp stems from inadequate handling of attacker-supplied GGUF model vocabularies, allowing malicious actors to exploit buffer overflow vulnerabilities. In the affected versions, an oversized token length is improperly cast, resulting in bypassing critical length checks. This allows for unsafe memory copying operations that can lead to arbitrary memory corruption and possible code execution. Users are strongly advised to upgrade to version b5662 or later to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

llama.cpp < b5662

References

https://github.com/ggml-org/llama.cpp/security/advisories...

x_refsource_CONFIRM

https://github.com/ggml-org/llama.cpp/commit/3cfbbdb44e08...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 11, 2025

JSON

Ggml-org

What is CVE-2025-49847?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.