CVE-2025-0628

NONE · EPSS 23.3%
Published Mar 20, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)

Description

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.

Threat Intelligence

EPSS Exploit Probability: 23.3% (percentile)
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses (1)

CWE-266 (Incorrect Privilege Assignment)

References (2)

  • github.com https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b
  • huntr.com https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.