
We found results for “”
CVE-2025-0628
Good to know:

Date: March 20, 2025
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Authorization
CWE-285Top Fix

Upgrade Version
Upgrade to version litellm - 1.61.15;litellm - 1.61.15;https://github.com/BerriAI/litellm.git - null;https://github.com/BerriAI/litellm.git - v1.61.15-nightly
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |