CVE-2025-0628
Severity: HIGH 8.1 · EPSS percentile 30.3%

Description

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN.

Scoring

CVSS 3.0: 8.1 (HIGH)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.39% probability of exploitation · percentile 30.3% · 2026-06-19T12:03:05Z
Published: 2025-03-20
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-266 (Incorrect Privilege Assignment)

References

  1. https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b
  2. https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc

Extracted weakness mapping · 1

Type      | Target                                    | Confidence | Tier
Weakness  | Incorrect Privilege Assignment (cwe-266)  | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE · CVE-2026-47101
  2. CVE · BerriAI LiteLLM SQL Injection Vulnerability
  3. CVE · CVE-2026-47102
  4. CVE · CVE-2026-35029
  5. CVE · CVE-2026-42203
  6. CVE · BerriAI LiteLLM Command Injection Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.