VYPR
Low severity · CVSS 3.5 · NVD Advisory · Published Oct 29, 2025 · Updated Apr 15, 2026

CVE-2025-11203

Description

LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of the API_KEY parameter provided to the health endpoint. The issue results from exposing sensitive information to an unauthorized actor. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26585.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LiteLLM health endpoint exposes API_KEY parameter, allowing authenticated attackers to disclose stored credentials.

Vulnerability

Overview

CVE-2025-11203 is an information disclosure vulnerability in LiteLLM, affecting the health endpoint's handling of the API_KEY parameter. The flaw arises because the endpoint exposes sensitive information to an unauthorized actor, specifically the API_KEY value, which can lead to the disclosure of stored credentials [1].

Exploitation

An attacker with valid authentication can exploit this vulnerability remotely by sending a crafted request to the health endpoint. The attack requires low privileges and user interaction, as reflected in the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N) [1]. The specific mechanism involves the health endpoint improperly returning the API_KEY parameter, which should not be accessible to the requester.

Impact

Successful exploitation allows an attacker to disclose stored credentials, potentially leading to further compromise of the LiteLLM installation. The confidentiality impact is limited (low), but the disclosure of API keys could enable lateral movement or access to other systems [1].

Mitigation

LiteLLM has issued an update to address this vulnerability. Users should apply the latest patch or upgrade to a fixed version as recommended by the vendor [1]. No workarounds are documented, and the vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
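The flaw class described above is a status endpoint that serializes its internal deployment state, credentials included, straight into the response. As an added example that is not LiteLLM's code (the health-state layout, the field names and the sample keys are constructed assumptions), the following Python shows the vulnerable handler beside a hardened one that masks credential-like fields before serialization, plus a regression check that walks any response and lists unmasked credential fields, the kind of test a deployment can run against its own health endpoint output after upgrading.

```python
import re
from copy import deepcopy

# Keys whose values are treated as credentials. The pattern is an assumption for
# this example; a real deployment would tune it to its own configuration schema.
SENSITIVE_KEY_PATTERN = re.compile(r"(api[_-]?key|secret|token|password)", re.IGNORECASE)
MASK = "***REDACTED***"

# Constructed sample of what a health endpoint might hold internally per deployment.
# Values are fake; nothing here is a real key or a real provider URL.
SAMPLE_HEALTH_STATE = {
    "healthy_endpoints": [
        {"model": "model-a", "api_base": "https://provider-a.example.invalid/v1",
         "api_key": "sk-constructed-0001"},
    ],
    "unhealthy_endpoints": [
        {"model": "model-b", "api_key": "sk-constructed-0002", "error": "timeout"},
    ],
    "healthy_count": 1,
    "unhealthy_count": 1,
}


def redact_secrets(obj, mask=MASK):
    """Return a deep copy of obj with every value under a credential-like key masked."""
    if isinstance(obj, dict):
        return {
            k: (mask if isinstance(k, str) and SENSITIVE_KEY_PATTERN.search(k)
                else redact_secrets(v, mask))
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact_secrets(v, mask) for v in obj]
    return obj


def vulnerable_health_response(state):
    """The leak class on the page: internal state, credentials included, returned verbatim."""
    return deepcopy(state)


def hardened_health_response(state):
    """Same status information, but credential fields are masked before serialization."""
    return redact_secrets(state)


def find_leaked_secrets(obj, mask=MASK, path=""):
    """Regression check: list dotted paths of credential-like keys holding an unmasked string."""
    leaks = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            child = f"{path}.{k}" if path else str(k)
            if (isinstance(k, str) and SENSITIVE_KEY_PATTERN.search(k)
                    and isinstance(v, str) and v and v != mask):
                leaks.append(child)
            else:
                leaks.extend(find_leaked_secrets(v, mask, child))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            leaks.extend(find_leaked_secrets(v, mask, f"{path}[{i}]"))
    return leaks


if __name__ == "__main__":
    print("vulnerable leaks:", find_leaked_secrets(vulnerable_health_response(SAMPLE_HEALTH_STATE)))
    print("hardened leaks:  ", find_leaked_secrets(hardened_health_response(SAMPLE_HEALTH_STATE)))
```

Run as a script it reports the two leaked `api_key` paths for the vulnerable handler and none for the hardened one. `find_leaked_secrets` is the piece worth keeping in a test suite: point it at the parsed JSON of the real endpoint's response so that a future change that reintroduces a credential field fails CI rather than shipping.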

References
  1. ZDI-25-929

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2 affected products
  • Litellm/Litellm (inferred), 2 versions
    • (no CPE) range: <1.63.14
    • (no CPE) range: <1.63.14

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.