VYPR
High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Exposure of Sensitive Information in berriai/litellm

CVE-2025-0330

Description

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
litellmPyPI
<= 1.52.1

Affected products

2
  • ghsa-coords
    Range: <= 1.52.1
  • berriai/berriai/litellmv5
    Range: unspecified

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.