CVE-2025-0628
EPSS 23.3%
Published Mar 20, 2025 · Last modified Jun 17, 2026
Description
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.
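The following is an added illustration, not code from litellm or from the huntr report. It models the failure the description outlines (a key minted on login carries the admin role regardless of the user's own role) next to a hardened issuance path, and includes a small probe a tester can point at a deployment to check whether a viewer's key can reach the admin endpoints named above. The role strings and the two endpoint paths come from the advisory; the data classes, the rule that those endpoints require proxy_admin, the `sk-` token format and the `send` callable are assumptions made for the example.

```python
"""
Hypothetical model of CVE-2025-0628 (CWE-266, incorrect privilege assignment).
Not litellm's code: role names and endpoint paths are taken from the advisory,
everything else is a stand-in so the example runs offline.
"""
from dataclasses import dataclass
from typing import Callable, List

PROXY_ADMIN = "proxy_admin"                  # admin role named in the advisory
INTERNAL_USER_VIEWER = "internal_user_viewer"  # read-only role named in the advisory

# Endpoints the advisory says the over-privileged key could reach.
# Assumption: these require proxy_admin; the real policy may differ.
ADMIN_ONLY_ENDPOINTS = {"/users/list", "/users/get_users"}


@dataclass
class User:
    user_id: str
    role: str


@dataclass
class ApiKey:
    token: str
    user_id: str
    role: str  # role the key carries; checked on every request


def issue_key_vulnerable(user: User) -> ApiKey:
    """Mirrors the bug: the login path mints a key with the admin role,
    ignoring the role of the user it is being issued to."""
    return ApiKey(token=f"sk-{user.user_id}", user_id=user.user_id, role=PROXY_ADMIN)


def issue_key_fixed(user: User) -> ApiKey:
    """Hardened path: the key inherits exactly the issuing user's role."""
    return ApiKey(token=f"sk-{user.user_id}", user_id=user.user_id, role=user.role)


def authorize(key: ApiKey, endpoint: str) -> bool:
    """Endpoint-level check: admin-only paths need the proxy_admin role."""
    if endpoint in ADMIN_ONLY_ENDPOINTS:
        return key.role == PROXY_ADMIN
    return True


def reachable_admin_endpoints(key: ApiKey) -> List[str]:
    """Admin-only endpoints this key is allowed to call, sorted for stable output."""
    return sorted(e for e in ADMIN_ONLY_ENDPOINTS if authorize(key, e))


def is_over_privileged(user: User, key: ApiKey) -> bool:
    """True when the key can reach an endpoint the user's own role could not.
    This is the property the advisory describes being violated."""
    own_role_key = ApiKey(token="", user_id=user.user_id, role=user.role)
    return any(
        authorize(key, e) and not authorize(own_role_key, e)
        for e in ADMIN_ONLY_ENDPOINTS
    )


def probe(token: str, send: Callable[[str, str], int]) -> List[str]:
    """Live check for a deployment: `send(path, token)` is assumed to perform the
    HTTP request with the key and return the status code. Returns the admin-only
    endpoints that answered 200, i.e. the ones a viewer's key should NOT reach."""
    return sorted(e for e in ADMIN_ONLY_ENDPOINTS if send(e, token) == 200)


if __name__ == "__main__":
    viewer = User("viewer-1", INTERNAL_USER_VIEWER)
    print("vulnerable key reaches:", reachable_admin_endpoints(issue_key_vulnerable(viewer)))
    print("fixed key reaches:     ", reachable_admin_endpoints(issue_key_fixed(viewer)))
```

For a real check, log in as an internal_user_viewer, take the key the UI hands back, and pass `probe` a `send` that issues GET requests with that key; any admin-only endpoint returning 200 reproduces the behaviour the description reports. Note the fix direction: the key's role must be derived from the user record, never from a login-path default.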
Threat Intelligence
EPSS exploit probability: 23.3%
Exploit status: no known exploit
Patch status: no patch recorded on this page (see Remediation)
Weaknesses (1)
CWE-266: Incorrect Privilege Assignment
References (2)
- github.com https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b
- huntr.com https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc
Remediation
No remediation data recorded yet. Check vendor advisories and the NVD entry for patch availability. The references above include a commit in the litellm repository; confirm against the huntr report whether that commit is the fix and which released version contains it before treating it as remediation. As an interim check on a deployment, verify that a key issued to an internal_user_viewer account cannot reach '/users/list' or '/users/get_users'.