CVE-2025-45809

Medium CVSS: 5.4

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.

Vendor

Litellm

Product

Litellm

CWE

CWE-89

Yayın Tarihi

2025-07-03 19:15:24

Güncelleme

2026-03-12 17:16:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Litellm MEDIUM Litellm 2025

Referanslar

https://github.com/shadia0/Patienc/blob/main/litellm/SQL_injection.md https://huntr.com/bounties/3e6e4d40-b06a-4f54-a3ed-cc93584b12f3

Benzer Kayıtlar

High

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc…

High

CVE-2024-9606

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi…

High

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited b…

High

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the hand…