AI Threat Alert

CVE-2025-0330

GHSA-879v-fggm-vxw2 HIGH
Published March 20, 2025

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
litellm pip <= 1.52.1 No patch

Do you use litellm? You're affected.

Severity & Risk

CVSS 3.1
7.5 / 10
EPSS
0.1%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

Weaknesses (CWE)

CWE-1230 Exposure of Sensitive Information Through Metadata Primary

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Timeline

Published
March 20, 2025
Last Modified
March 20, 2025
First Seen
March 24, 2026
Back to Threat Feed