PT-2025-12318 · Unknown · Berriai/Litellm

Published 2025-03-20 · Updated 2025-03-23 · CVE-2025-0628

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: BerriAI/litellm version main-latest

Description: The issue is an improper authorization flaw. When a user with the role internal user viewer logs into the application, they are issued an overly privileged API key. This key grants access to all admin functionality, including endpoints such as "/users/list" and "/users/get users". The vulnerability enables privilege escalation within the application, allowing any account to become a proxy admin.

Recommendations: For BerriAI/litellm version main-latest, consider restricting access to the /users/list and /users/get users endpoints until a fix is available. As a temporary workaround, review and limit the privileges assigned to the internal user viewer role to prevent unauthorized access to admin functionality.
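The weakness class here is a key issued with a fixed, admin-level permission set regardless of the caller's role, followed by endpoints that trust the key's permissions. The following is an added illustration, not code from LiteLLM or the advisory: it contrasts a key-issuance routine that hands every login the admin permission set with one that scopes the key to the role, shows a deny-by-default endpoint check, and adds an audit that flags already-issued keys whose permissions exceed their role's entitlement. The role names, permission strings, endpoint map and the "/me" endpoint are assumptions made for this example; "/users/list" and "/users/get users" are written as the advisory names them.

```python
# Added example, not LiteLLM's code. Role-scoped API keys and a deny-by-default
# endpoint authorization check, plus an audit for over-privileged keys.
from dataclasses import dataclass
import secrets

# Hypothetical role-to-permission mapping (assumption for this example).
ROLE_PERMISSIONS = {
    "proxy_admin": frozenset({"users:list", "users:get", "keys:generate", "self:read"}),
    "internal_user_viewer": frozenset({"self:read"}),
}

# Hypothetical endpoint-to-required-permission mapping. The two admin
# endpoints are spelled as the advisory names them; "/me" is invented here.
ENDPOINT_PERMISSION = {
    "/users/list": "users:list",
    "/users/get users": "users:get",
    "/me": "self:read",
}


@dataclass(frozen=True)
class ApiKey:
    token: str
    role: str
    permissions: frozenset


def issue_key_vulnerable(role: str) -> ApiKey:
    """Weak pattern: every login receives a key carrying the admin permission set,
    so a viewer-role account can call admin endpoints (the advisory's flaw class)."""
    return ApiKey(secrets.token_urlsafe(16), role, ROLE_PERMISSIONS["proxy_admin"])


def issue_key_fixed(role: str) -> ApiKey:
    """Fixed pattern: the key carries exactly the permissions of the caller's role;
    unknown roles are refused rather than defaulted to anything."""
    perms = ROLE_PERMISSIONS.get(role)
    if perms is None:
        raise ValueError(f"unknown role: {role!r}")
    return ApiKey(secrets.token_urlsafe(16), role, perms)


def authorize(key: ApiKey, endpoint: str) -> bool:
    """Deny by default: an endpoint with no registered permission is refused,
    and a registered one is allowed only if the key holds that permission."""
    required = ENDPOINT_PERMISSION.get(endpoint)
    if required is None:
        return False
    return required in key.permissions


def audit_issued_keys(keys: list[ApiKey]) -> list[ApiKey]:
    """Detection aid: return keys whose permissions exceed their role's entitlement.
    Useful for finding keys minted before the issuance logic was corrected."""
    flagged = []
    for key in keys:
        entitled = ROLE_PERMISSIONS.get(key.role, frozenset())
        if not key.permissions <= entitled:
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    viewer_bad = issue_key_vulnerable("internal_user_viewer")
    viewer_good = issue_key_fixed("internal_user_viewer")
    print("vulnerable viewer key reaches /users/list:", authorize(viewer_bad, "/users/list"))
    print("fixed viewer key reaches /users/list:", authorize(viewer_good, "/users/list"))
    print("over-privileged keys found:", len(audit_issued_keys([viewer_bad, viewer_good])))
```

The audit function is the piece a defender would run first after patching: rotating every key that fails the subset check closes the window for keys minted while the vulnerable issuance path was live.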

Fix

LPE

Improper Authorization

Incorrect Privilege Assignment


Weakness Enumeration

Related Identifiers

CVE-2025-0628
GHSA-FJCF-3J3R-78RP

Affected Products

Berriai/Litellm