### Impact

The `/config/update` endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following:

- Modify proxy configuration and environment variables
- Register custom pass-through endpoint handlers...
### Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| litellm | pip | < 1.83.0 | 1.83.0 |
If you run litellm at a version below 1.83.0, you are affected.
### Recommended Action

Patch available: update litellm to version 1.83.0.
### Technical Details

### NVD Description
### Impact

The `/config/update` endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following:

- Modify proxy configuration and environment variables
- Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution
- Read arbitrary server files by setting `UI_LOGO_PATH` and fetching via `/get_image`
- Take over other privileged accounts by overwriting the `UI_USERNAME` and `UI_PASSWORD` environment variables

### Patches

Fixed in v1.83.0. The endpoint now requires the `proxy_admin` role.

### Workarounds

Restrict API key distribution. There is no configuration-level workaround.
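The defect above is a missing authorization check: the endpoint trusts that a caller is authenticated and never asks whether the caller holds the admin role. The following is an added illustration, not litellm's code, of that pattern next to the fix the advisory describes (require the `proxy_admin` role before applying any update). Everything besides the `proxy_admin` role name and the `UI_USERNAME`/`UI_PASSWORD` variable names is hypothetical: the `Principal`, `ProxyConfig` and `update_config_*` names, the `viewer` role, and the constructed patch values.

```python
# Added example (not litellm's code): a config-update handler that only
# authenticates beside one that also authorizes. Class and function names,
# the "viewer" role and the patch values are hypothetical/constructed; only
# "proxy_admin", UI_USERNAME and UI_PASSWORD come from the advisory.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when an authenticated caller lacks the required role."""


@dataclass(frozen=True)
class Principal:
    """The caller as established by API-key authentication, upstream of the handler."""
    key_id: str
    role: str


@dataclass
class ProxyConfig:
    environment_variables: dict = field(default_factory=dict)
    pass_through_endpoints: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)  # constructed: where denials are recorded


def _apply_patch(cfg: ProxyConfig, patch: dict) -> None:
    """Apply an update the way a config endpoint would: env vars and handlers."""
    cfg.environment_variables.update(patch.get("environment_variables", {}))
    cfg.pass_through_endpoints.extend(patch.get("pass_through_endpoints", []))


def update_config_vulnerable(cfg: ProxyConfig, caller: Principal, patch: dict) -> ProxyConfig:
    """Authentication only: any valid key may rewrite the proxy configuration."""
    _apply_patch(cfg, patch)
    return cfg


def update_config_fixed(cfg: ProxyConfig, caller: Principal, patch: dict) -> ProxyConfig:
    """Authentication plus authorization: deny unless the caller is proxy_admin.

    The denial is logged before raising, so repeated attempts from one key are
    visible to whoever watches the proxy's logs.
    """
    if caller.role != "proxy_admin":
        cfg.audit_log.append(f"denied config update key={caller.key_id} role={caller.role}")
        raise Forbidden("config update requires the proxy_admin role")
    cfg.audit_log.append(f"config update key={caller.key_id}")
    _apply_patch(cfg, patch)
    return cfg


def demo():
    """Send the same credential-overwriting patch through both handlers as a
    low-privilege caller; returns (vulnerable_cfg, fixed_cfg, denied)."""
    patch = {"environment_variables": {"UI_USERNAME": "constructed-user",
                                       "UI_PASSWORD": "constructed-secret"}}
    viewer = Principal(key_id="sk-viewer", role="viewer")  # constructed low-privilege key
    vulnerable_cfg = update_config_vulnerable(ProxyConfig(), viewer, patch)
    fixed_cfg = ProxyConfig()
    denied = False
    try:
        update_config_fixed(fixed_cfg, viewer, patch)
    except Forbidden:
        denied = True
    return vulnerable_cfg, fixed_cfg, denied


if __name__ == "__main__":
    vulnerable, fixed, denied = demo()
    print("vulnerable handler applied:", vulnerable.environment_variables)
    print("fixed handler applied:", fixed.environment_variables, "denied:", denied)
    print("audit:", fixed.audit_log)
```

The check is deliberately placed before any mutation and compares against one explicit role rather than a list of roles to exclude, so a role the code has never heard of is denied by default; the same shape applies to whichever framework-level dependency or decorator actually guards the route.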
### Related Vulnerabilities

All in the same package (litellm):

- CVE-2024-6825 (8.8): LiteLLM: RCE via post_call_rules callback injection
- CVE-2025-0628 (8.1): litellm: privilege escalation viewer→proxy admin via bad API key
- CVE-2024-4888 (8.1): litellm: arbitrary file deletion via audio endpoint
- CVE-2024-10188 (7.5): litellm: unauthenticated DoS crashes LLM proxy server
- CVE-2024-8984 (7.5): litellm: unauthenticated DoS via multipart boundary parsing