CVE-2025-0330

High

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing…

@huntr_ai·CWE-1230·Published 2025-03-20

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

330 chars

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

NVDen

330 chars

OSV.deven

330 chars

GHSAen

330 chars

NVDes

377 chars

En la versión 1.52.1 de berriai/litellm, un problema en proxy_server.py provoca la fuga de claves de API de Langfuse cuando se produce un error al analizar la configuración del equipo. Esta vulnerabilidad expone información confidencial, como langfuse_secret y langfuse_public_key, que puede proporcionar acceso completo al proyecto Langfuse que almacena todas las solicitudes.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.0	Secondary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N