CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b
https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc

Configurations

No configuration.

History

15 Oct 2025, 13:16

Type	Values Removed	Values Added
CWE	~~CWE-285~~	CWE-266
Summary		(es) Existe una vulnerabilidad de autorización indebida en la última versión principal de BerriAI/litellm. Cuando un usuario con el rol "internal_user_viewer" inicia sesión en la aplicación, se le proporciona una clave API con privilegios excesivos. Esta clave permite acceder a todas las funciones de administración de la aplicación, incluyendo endpoints como "/users/list" y "/users/get_users". Esta vulnerabilidad permite la escalada de privilegios dentro de la aplicación, lo que permite que cualquier cuenta se convierta en administrador proxy.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:16

NVD link : CVE-2025-0628

Mitre link : CVE-2025-0628

CVE.ORG link : CVE-2025-0628

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

8.1 /10