CVE-2025-0628
📋 TL;DR
An improper authorization vulnerability in BerriAI/litellm grants internal_user_viewer accounts an overly privileged API key, allowing them to access admin endpoints and escalate privileges to PROXY ADMIN. This affects all deployments using the main-latest version of litellm with role-based access control enabled.
💻 Affected Systems
- BerriAI/litellm
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with internal_user_viewer access gains full administrative control, can view/modify all user data, reconfigure the system, and potentially compromise the entire application infrastructure.
Likely Case
Internal users with viewer roles unintentionally or intentionally access admin functionality, leading to unauthorized data access and privilege escalation within the application.
If Mitigated
With proper role validation and API key scoping, the impact is limited to authorized administrative actions only.
🎯 Exploit Status
Exploitation requires valid internal_user_viewer credentials and knowledge of admin API endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 566d9354aab4215091b2e51ad0333e948125fa1b or later
Vendor Advisory: https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b
Restart Required: No
Instructions:
1. Update litellm to commit 566d9354aab4215091b2e51ad0333e948125fa1b or later.
2. Verify that API key generation properly respects role permissions.
3. Test that internal_user_viewer accounts cannot access admin endpoints.
🔧 Temporary Workarounds
Temporary Role Restriction
Manually restrict API key permissions for internal_user_viewer roles to prevent admin access.
# Review and modify role-based API key generation logic to exclude admin scopes for viewer roles
🧯 If You Can't Patch
- Implement strict network segmentation to isolate admin endpoints from viewer-role access
- Deploy an API gateway with an additional authorization layer that validates role permissions before endpoint access
🔍 How to Verify
Check if Vulnerable:
Test whether an internal_user_viewer account can reach the /users/list or /users/get_users endpoints using its generated API key.
Check Version:
# `git log --oneline` prints an abbreviated hash, so grepping for the full hash never matches;
# instead check that the fix commit is an ancestor of the deployed revision
git merge-base --is-ancestor 566d9354aab4215091b2e51ad0333e948125fa1b HEAD && echo "fix commit present"
Verify Fix Applied:
Confirm that internal_user_viewer API keys return 403 Forbidden when attempting to access admin endpoints.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to admin endpoints from viewer-role accounts
- API key usage patterns showing viewer accounts accessing privileged endpoints
Network Indicators:
- HTTP 200 responses on /users/* endpoints from non-admin IPs/accounts
- Unusual API call sequences from viewer-role authenticated sessions
SIEM Query:
source="application_logs" AND (endpoint="/users/list" OR endpoint="/users/get_users") AND user_role="internal_user_viewer" AND response_code=200
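The same check as the SIEM query above, run offline over structured access logs, as an added example that is not part of this advisory or of litellm: it flags viewer-role keys that received HTTP 200 on the admin endpoints named on this page. The log format (one JSON object per line with `user_role`, `endpoint`, `response_code`, `key_id` fields) and the sample lines are constructed assumptions, not real litellm output.

```python
import json
from typing import Iterable

# Endpoints the advisory names as admin-only; a viewer role should get 403 here.
ADMIN_ENDPOINTS = {"/users/list", "/users/get_users"}
VIEWER_ROLE = "internal_user_viewer"

# Constructed sample access-log lines (JSON per line); field names are assumed.
SAMPLE_LOGS = """\
{"ts":"2025-01-20T10:00:01Z","user_role":"proxy_admin","endpoint":"/users/list","response_code":200,"key_id":"k1"}
{"ts":"2025-01-20T10:00:05Z","user_role":"internal_user_viewer","endpoint":"/users/list","response_code":200,"key_id":"k2"}
{"ts":"2025-01-20T10:00:07Z","user_role":"internal_user_viewer","endpoint":"/users/get_users","response_code":403,"key_id":"k3"}
{"ts":"2025-01-20T10:00:09Z","user_role":"internal_user_viewer","endpoint":"/chat/completions","response_code":200,"key_id":"k2"}
{"ts":"2025-01-20T10:00:11Z","user_role":"internal_user_viewer","endpoint":"/users/get_users?page=2","response_code":200,"key_id":"k4"}
this line is not json
"""


def normalize_endpoint(path: str) -> str:
    """Strip the query string and trailing slash so /users/list?x=1 still matches."""
    path = path.split("?", 1)[0]
    return path.rstrip("/") or "/"


def find_viewer_admin_hits(lines: Iterable[str]) -> list[dict]:
    """Return log records where a viewer-role key got HTTP 200 on an admin endpoint."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than aborting the whole scan
        if (rec.get("user_role") == VIEWER_ROLE
                and normalize_endpoint(str(rec.get("endpoint", ""))) in ADMIN_ENDPOINTS
                and int(rec.get("response_code", 0)) == 200):
            hits.append(rec)
    return hits


def main() -> None:
    # On a patched deployment this should print nothing; each line printed is a key to revoke.
    for rec in find_viewer_admin_hits(SAMPLE_LOGS.splitlines()):
        print(f"{rec['ts']} key={rec['key_id']} {rec['endpoint']} -> {rec['response_code']}")


if __name__ == "__main__":
    main()
```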