CVE-2025-0330

HIGH7.5EPSS 0.37%

LiteLLM Has a Leakage of Langfuse API Keys

Published: 3/20/2025Modified: 3/20/2025

Description

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

Affected packages (1)

PyPI/litellmfrom 0, <= 1.52.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-0330
PATCHhttps://github.com/BerriAI/litellm
WEBhttps://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a