Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

Published

2025-03-20T10:15:52.763

Last Modified

2025-08-01T13:58:47.417

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-1230

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	litellm	litellm	1.52.1	Yes

References

https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a Exploit, Third Party Advisory ([email protected])