{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0628", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2025-01-21T19:10:36.300Z", "datePublished": "2025-03-20T10:10:45.400Z", "dateUpdated": "2025-10-15T12:50:05.101Z"}, "containers": {"cna": {"title": "Improper Authorization in BerriAI/litellm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:50:05.101Z"}, "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN."}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"version": "unspecified", "lessThan": "v1.61.15-nightly", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc"}, {"url": "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-266 Incorrect Privilege Assignment", "cweId": "CWE-266"}]}], "source": {"advisory": "6c0e2f75-2d03-42f9-9530-e16a973317fc", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:49:22.754243Z", "id": "CVE-2025-0628", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:17:09.855Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0628", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-20T17:49:22.754243Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:49:24.269Z"}}], "cna": {"title": "Improper Authorization in BerriAI/litellm", "source": {"advisory": "6c0e2f75-2d03-42f9-9530-e16a973317fc", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "berriai", "product": "berriai/litellm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v1.61.15-nightly", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc"}, {"url": "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b"}], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:50:05.101Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0628", "state": "PUBLISHED", "dateUpdated": "2025-10-15T12:50:05.101Z", "dateReserved": "2025-01-21T19:10:36.300Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:10:45.400Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN."}, {"lang": "es", "value": "Existe una vulnerabilidad de autorizaci\u00f3n indebida en la \u00faltima versi\u00f3n principal de BerriAI/litellm. Cuando un usuario con el rol \"internal_user_viewer\" inicia sesi\u00f3n en la aplicaci\u00f3n, se le proporciona una clave API con privilegios excesivos. Esta clave permite acceder a todas las funciones de administraci\u00f3n de la aplicaci\u00f3n, incluyendo endpoints como \"/users/list\" y \"/users/get_users\". Esta vulnerabilidad permite la escalada de privilegios dentro de la aplicaci\u00f3n, lo que permite que cualquier cuenta se convierta en administrador proxy."}], "id": "CVE-2025-0628", "lastModified": "2025-10-15T13:16:00.713", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:53.407", "references": [{"source": "security@huntr.dev", "url": "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}