CVE-2024-6825

High CVSS: 8.8

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.

Vendor

Litellm

Product

Litellm

CWE

CWE-94

Yayın Tarihi

2025-03-20 10:15:33

Güncelleme

2025-10-15 13:15:49

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-94 Litellm HIGH Litellm 2025

Referanslar

https://github.com/berriai/litellm/commit/441c7275ed2715f47650a7c2e525055c804073a9 https://huntr.com/bounties/1d98bebb-6cf4-46c9-87c3-d3b1972973b5

Benzer Kayıtlar

Medium

CVE-2025-45809

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key…

High

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc…

High

CVE-2024-9606

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi…

High

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited b…