CVE-2025-0628 HIGH

CVE-2025-0628: Improper Authorization in BerriAI/litellm

Vendor Berriai
Product berriai/litellm
Weakness CWE-266
Published March 20, 2025
Last update October 15, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated