High severity8.1OSV Advisory· Published Mar 20, 2025· Updated Apr 15, 2026
CVE-2025-0628
CVE-2025-0628
Description
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
litellmPyPI | < 1.61.15 | 1.61.15 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.