PT-2025-12287 · Litellm · Litellm

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-9606

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: berriai/litellm versions 1.44.9 through 1.44.11
Description: The issue affects the litellm/litellm_core_utils/litellm_logging.py file, where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key.
Recommendations: For versions 1.44.9 through 1.44.11, update to version 1.44.12 or later to resolve the issue. As a temporary workaround, consider disabling the logging functionality in the litellm_logging.py file until a patch is available. Restrict access to the log files to minimize the risk of exploitation.
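The masking defect the description names, shown as an added illustration (constructed code, not litellm's own): the vulnerable masker hides only the first 5 characters, the corrected one keeps just a short suffix, and `leaked_fraction` quantifies how much of the secret each variant writes to the log. `SAMPLE_KEY` and `redact_log_line` are constructed for this example.

```python
import re

# Constructed sample value, not a real credential.
SAMPLE_KEY = "sk-abc123def456ghi789jkl012mno345"


def mask_api_key_vulnerable(key: str) -> str:
    """Reproduces the defect: only the leading 5 characters are hidden,
    so nearly the whole secret still reaches the log line."""
    return "*" * 5 + key[5:]


def mask_api_key_fixed(key: str, visible: int = 4) -> str:
    """Corrected behaviour: keep only the last `visible` characters
    (enough to tell keys apart) and mask everything else. Keys that
    are not longer than the visible suffix are masked entirely."""
    if len(key) <= visible:
        return "*" * len(key)
    return "*" * (len(key) - visible) + key[-visible:]


def leaked_fraction(key: str, masked: str) -> float:
    """Share of the original key's characters recoverable from the
    masked form (a quick check to run against any masking helper)."""
    kept = sum(1 for k, m in zip(key, masked) if m != "*" and m == k)
    return kept / len(key)


def redact_log_line(line: str) -> str:
    """Defensive post-processing for log pipelines: mask anything that
    still looks like an 'sk-' style key before the line is persisted."""
    pattern = r"sk-[A-Za-z0-9]{8,}"
    return re.sub(pattern, lambda m: mask_api_key_fixed(m.group(0)), line)


if __name__ == "__main__":
    print("vulnerable:", mask_api_key_vulnerable(SAMPLE_KEY))
    print("fixed:     ", mask_api_key_fixed(SAMPLE_KEY))
    print("redacted:  ", redact_log_line(f"request used key {SAMPLE_KEY}"))
```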

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2024-9606
GHSA-G5PG-73FC-HJWQ

Affected Products

Litellm