Sensitive Information Leak in Berriai Litellm Proxy Component
CVE-2025-0330

7.5HIGH

Key Information:

Vendor: Berriai
Status: Berriai/litellm
Vendor: CVE Published:; 20 March 2025

Summary

In version v1.52.1 of Berriai's Litellm, a flaw in the proxy_server.py file can lead to the unintentional exposure of critical Langfuse API keys when errors arise during the processing of team settings. This information leak may allow unauthorized individuals to access sensitive data and potentially control the Langfuse project that retains all user requests, increasing the risk of data compromise and security breaches.

Affected Version(s)

berriai/litellm <= unspecified

References

https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b8...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Jan 8, 2025