CVE-2025-0628
published 2025-03-20

Priority: P3 (50), high
CVSS 3.0: 8.1 (AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N)
EPSS: 0.32% (23.2nd percentile)
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.

Affected

11 ranges

Vendor                            | Product                                   | Version range   | Fixed in
ansible-automation-platform-26    | lightspeed-chatbot-rhel9                  |                 |
ansible-automation-platform-27    | lightspeed-chatbot-rhel9                  |                 |
berriai                           | litellm                                   |                 |
berriai                           | litellm                                   |                 |
berriai                           | litellm                                   |                 |
exploit-intelligence-tech-preview | vulnerability-analysis-rhel9              |                 |
litellm                           | litellm                                   | <= 1.82.2       |
litellm                           | litellm                                   | >= 0 < 1.61.15  | 1.61.15
rhoai                             | odh-llama-stack-core-rhel9                |                 |
rhoai                             | odh-mlflow-rhel9                          |                 |
rhoai                             | odh-trustyai-garak-lls-provider-dsp-rhel9 |                 |

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.0    | 8.1   | HIGH     | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vendor_redhat |         | 8.1   | HIGH     |