CVE-2025-0330
📋 TL;DR
This vulnerability in the berriai/litellm proxy server leaks Langfuse API keys when parsing of team settings fails: the error path exposes the configured credentials to whoever can see the error or the log it is written to. An attacker holding those keys can read the Langfuse project they belong to, including every request and response trace logged there. Deployments running litellm v1.52.1 with the Langfuse integration enabled are affected.
💻 Affected Systems
- berriai/litellm (proxy server, v1.52.1, with the Langfuse integration enabled globally or in team settings)
📦 What is this software?
LiteLLM (berriai/litellm) by BerriAI: an open-source LLM gateway and proxy that fronts many model providers behind a single OpenAI-compatible API and can forward request/response traces to observability backends such as Langfuse.
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of Langfuse project data including all API requests, logs, and potentially sensitive user information stored in the project.
Likely Case
Unauthorized access to Langfuse project data, enabling data theft, surveillance of API requests, and potential lateral movement.
If Mitigated
Limited exposure if Langfuse keys are rotated immediately and access logs are monitored for suspicious activity.
🎯 Exploit Status
No public exploit is listed here. Exploitation requires making the proxy's team settings parsing fail and then reading the resulting error output; in v1.52.1 that error path includes the Langfuse credentials, so anyone who can observe the error or the log entry it produces obtains the keys.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.52.2 or later
Vendor Advisory: https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
Restart Required: Yes (a Python package upgrade does not affect an already-running proxy process; it must be restarted or its container rolled)
Instructions:
1. Update litellm to v1.52.2 or later using pip: pip install --upgrade "litellm[proxy]>=1.52.2" (use "litellm>=1.52.2" if the package was installed without the proxy extras)
2. Verify the update with: pip show litellm
3. Restart any running litellm proxy services so the new code is loaded.
4. Rotate the Langfuse keys that were configured while the vulnerable version ran; they may already have been written to logs or error responses.
🔧 Temporary Workarounds
Disable Langfuse Integration
Temporarily disable Langfuse to prevent key leakage until patching.
Remove "langfuse" from success_callback / failure_callback in litellm_settings, delete any langfuse_* keys from team settings, and restart the proxy
Rotate Langfuse Keys
Immediately rotate exposed Langfuse API keys to limit damage.
Generate new keys in the Langfuse project settings, update the litellm configuration (or the LANGFUSE_PUBLIC_KEY / LANGFUSE_SECRET_KEY environment variables), and revoke the old keys so a copy already sitting in a log is worthless
🧯 If You Can't Patch
- Monitor proxy logs and error responses for Langfuse key material (values starting with pk-lf- or sk-lf-, or langfuse_secret / langfuse_public_key fields dumped alongside a team settings object), alert on any match, and scrub the matching entries from log storage.
- Implement network segmentation to restrict litellm proxy server access.
🔍 How to Verify
Check if Vulnerable:
Vulnerable if the proxy runs litellm v1.52.1 and the Langfuse integration is enabled, either globally through litellm_settings callbacks or per team through langfuse_* team settings.
Check Version:
pip show litellm | grep Version
Verify Fix Applied:
Confirm pip reports v1.52.2 or later, restart the proxy, then, in a test environment, submit a deliberately malformed team setting and confirm the resulting error response and log entry no longer contain langfuse_secret or langfuse_public_key values.
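A version-and-configuration audit for the checks above, as an added example (not code from the litellm project or from the advisory). It reads the installed litellm version with importlib.metadata and inspects a proxy config for Langfuse enablement. The sample config dict is constructed; its key names (litellm_settings.success_callback, litellm_settings.default_team_settings, langfuse_public_key, langfuse_secret) follow the litellm proxy config layout as assumed here, and the version boundary is the one this page states (v1.52.1 vulnerable, v1.52.2 fixed).

```python
"""Added example: audit a LiteLLM proxy deployment for CVE-2025-0330.

Two checks: (1) is the installed litellm below the fixed version this page
states (v1.52.2)? (2) does the proxy config enable Langfuse, globally or for
a team? The config below is a constructed sample; its key names follow the
litellm proxy config layout as assumed here.
"""
from importlib import metadata
import re

FIXED_VERSION = (1, 52, 2)

SAMPLE_CONFIG = {  # constructed sample, not a real deployment's config
    "model_list": [{"model_name": "gpt-4o", "litellm_params": {"model": "openai/gpt-4o"}}],
    "litellm_settings": {
        "success_callback": ["langfuse"],
        "default_team_settings": [
            {"team_id": "team-a", "success_callback": ["langfuse"],
             "langfuse_public_key": "pk-lf-example", "langfuse_secret": "sk-lf-example"},
            {"team_id": "team-b", "success_callback": ["s3"]},
        ],
    },
}


def parse_version(text):
    """'1.52.1', 'v1.52.1' or '1.52.2.post1' -> (1, 52, 1) / (1, 52, 2)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def version_is_vulnerable(text):
    """True for any release below the fixed version (1.52.1 is the one this page names)."""
    return parse_version(text) < FIXED_VERSION


def installed_litellm_version():
    """Version of the litellm package in this environment, or None if absent."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


def langfuse_scopes(config):
    """List where Langfuse is enabled: ('global', callback key) or ('team', team_id)."""
    scopes = []
    settings = config.get("litellm_settings") or {}
    for key in ("success_callback", "failure_callback", "callbacks"):
        if "langfuse" in (settings.get(key) or []):
            scopes.append(("global", key))
    for team in settings.get("default_team_settings") or []:
        has_keys = any(k.startswith("langfuse") for k in team)
        uses_callback = "langfuse" in (team.get("success_callback") or [])
        if has_keys or uses_callback:
            scopes.append(("team", team.get("team_id", "<unnamed>")))
    return scopes


def assess(config, version_text):
    """Verdict: vulnerable only if the version is unpatched AND Langfuse is in use."""
    scopes = langfuse_scopes(config)
    return {
        "version": version_text,
        "langfuse_scopes": scopes,
        "vulnerable": version_is_vulnerable(version_text) and bool(scopes),
    }


if __name__ == "__main__":
    version = installed_litellm_version()
    if version is None:
        print("litellm is not installed in this environment")
    else:
        print(assess(SAMPLE_CONFIG, version))
```

Run it on the real host with the real config loaded (for example via PyYAML's safe_load) in place of SAMPLE_CONFIG; a "vulnerable": True verdict means both conditions on this page hold and the keys listed under langfuse_scopes should be rotated after the upgrade.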
📡 Detection & Monitoring
Log Indicators:
- Error entries containing Langfuse key material: values beginning with pk-lf- (public key) or sk-lf- (secret key), or langfuse_secret / langfuse_public_key fields dumped alongside a team settings object
- Team settings parsing failure messages, especially repeated failures from a single caller, which suggest someone is deliberately driving the error path
Network Indicators:
- Connections to the Langfuse API (the configured langfuse_host, or cloud.langfuse.com by default) from hosts other than the proxy itself
SIEM Query:
source="litellm" level="ERROR" ("langfuse_secret" OR "langfuse_public_key" OR "sk-lf-" OR "pk-lf-")
Treat any match as a credential exposure: rotate the keys and purge the stored entry, since the leaked value now also lives in the SIEM.
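Detection logic for the log indicators above and for the monitoring bullet under "If You Can't Patch", as an added example rather than code from the page or the litellm project. It keys on the Langfuse credential format (public keys begin with pk-lf-, secret keys with sk-lf-) and on the litellm field names already quoted on this page; the log lines are constructed samples, since the exact wording of the v1.52.1 error message is not reproduced here. The logging.Filter at the end is an addition of this example, a stop-gap that scrubs keys from a record before any handler writes it.

```python
"""Added example: find and scrub Langfuse credentials in LiteLLM proxy logs.

Langfuse public keys start with 'pk-lf-' and secret keys with 'sk-lf-'. The
log lines below are constructed samples, not real litellm output.
"""
import logging
import re

# A Langfuse-format key: prefix plus a UUID-like hex/dash tail.
LANGFUSE_KEY_RE = re.compile(r"\b([ps]k-lf-[0-9a-fA-F-]{8,})")
# A langfuse_* config field followed by its value, as it appears when a
# settings dict or JSON object is dumped into an error message.
LANGFUSE_FIELD_RE = re.compile(
    r"(langfuse_(?:secret_key|public_key|secret))\W+([^'\",}\s]+)", re.IGNORECASE
)


def find_langfuse_material(line):
    """Return the credential-looking values in one log line (deduplicated)."""
    found = [m.group(1) for m in LANGFUSE_KEY_RE.finditer(line)]
    for m in LANGFUSE_FIELD_RE.finditer(line):
        value = m.group(2)
        if value not in found:
            found.append(value)
    return found


def redact(line):
    """Mask every detected credential; keep the prefix so the key type stays visible."""
    for value in find_langfuse_material(line):
        masked = value[:6] + "***" if value.startswith(("pk-lf-", "sk-lf-")) else "[REDACTED]"
        line = line.replace(value, masked)
    return line


class LangfuseRedactor(logging.Filter):
    """Scrub Langfuse credentials from a LogRecord before any handler writes it.

    Attach with logger.addFilter(LangfuseRedactor()) on the proxy's logger (or on
    each handler) as a stop-gap while the vulnerable version is still running.
    """

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # already formatted; prevent re-interpolation
        return True


def redacted_record_message(msg, args=()):
    """Build a LogRecord as logging would, apply the filter, return the emitted text."""
    record = logging.LogRecord("litellm", logging.ERROR, __file__, 0, msg, args, None)
    LangfuseRedactor().filter(record)
    return record.getMessage()


SAMPLE_LOG = [  # constructed samples, not real litellm output
    "INFO  litellm proxy started on 0.0.0.0:4000",
    "ERROR failed to parse team settings: {'team_id': 'team-a', "
    "'langfuse_public_key': 'pk-lf-0a1b2c3d-1111-2222-3333-444455556666', "
    "'langfuse_secret': 'sk-lf-9f8e7d6c-1111-2222-3333-444455556666'}",
    "DEBUG callback list: ['langfuse']",
]


def scan_log(lines):
    """Return (line_no, credential_count, redacted_line) for every leaking line."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        material = find_langfuse_material(line)
        if material:
            hits.append((line_no, len(material), redact(line)))
    return hits


if __name__ == "__main__":
    for line_no, count, safe in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {count} Langfuse credential(s) leaked -> {safe}")
```

The scanner reports the redacted line, not the original, so the alert it feeds does not become a second copy of the secret; the filter version is for the case where the proxy must keep running unpatched and the keys cannot yet be rotated.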