CVE-2025-0330

High CVSS: 7.5

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

Vendor

Litellm

Product

Litellm

CWE

CWE-1230

Yayın Tarihi

2025-03-20 10:15:52

Güncelleme

2025-08-01 13:58:47

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-1230 Litellm HIGH Litellm 2025

Referanslar

https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a

Benzer Kayıtlar

Medium

CVE-2025-45809

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key…

High

CVE-2024-9606

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi…

High

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited b…

High

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the hand…