A critical privilege escalation vulnerability, CVE-2025-0628, has been identified in the BerriAI/litellm application. This flaw allows users with the internal_user_viewer role to gain PROXY ADMIN privileges, effectively bypassing intended access controls. The vulnerability, rated High with a CVSS score of 8.1, poses significant risks to organizations using the affected software.
The issue stems from improper authorization checks in the application’s API key generation process. When a user logs in with the internal_user_viewer role, they are granted an overly privileged API key, enabling access to sensitive admin endpoints such as /users/list and /users/get_users12.
TL;DR
- CVE ID: CVE-2025-0628
- Severity: High (CVSS 8.1)
- Affected Product: BerriAI/litellm (main-latest version)
- Vulnerability Type: Improper Authorization leading to Privilege Escalation
- Impact: Users with the role
internal_user_viewercan gain PROXY ADMIN access, allowing unauthorized access to admin endpoints. - Patch Available: Yes, version 1.61.15
C-Suite Summary
For senior executives, this vulnerability underscores the critical need for rigorous security practices in software development and deployment. Key takeaways include:
- Risk: Unauthorized users can gain full administrative control over the application, leading to potential data breaches and operational disruptions.
- Action: Ensure all instances of BerriAI/litellm are updated to version 1.61.15 or later.
- Implications: Failure to patch could result in regulatory penalties, reputational damage, and financial losses.
Vulnerability Details
The vulnerability exists in the main-latest version of BerriAI/litellm. Specifically, the application fails to enforce proper role-based access controls (RBAC) when generating API keys for users with the internal_user_viewer role. This oversight allows these users to escalate their privileges and gain full administrative control over the application3.
Key Points:
- Affected Versions: All versions prior to 1.61.154.
- Exploitation: No user interaction is required. An attacker with
internal_user_vieweraccess can exploit this flaw to gain PROXY ADMIN privileges. - Impact: Unauthorized access to admin functionality, including user management and sensitive data retrieval.
Red-Team Relevance
For red-teamers, this vulnerability presents a prime opportunity to demonstrate the risks of improper authorization mechanisms in enterprise applications. Here’s how this flaw can be leveraged in an engagement:
- Initial Access: Gain access to an account with the
internal_user_viewerrole. This could be achieved through phishing, credential stuffing, or exploiting other vulnerabilities. - Privilege Escalation: Log in to the application and obtain the overly privileged API key.
- Lateral Movement: Use the elevated privileges to access sensitive endpoints, such as
/users/list, to enumerate other accounts and escalate further. - Persistence: Create or modify admin accounts to maintain access even after the initial exploit.
This vulnerability is particularly relevant for red-teams targeting organizations using BerriAI/litellm for AI or language model operations, as it highlights the importance of robust RBAC implementations.
Mitigation and Workarounds
The vulnerability has been patched in version 1.61.15 of BerriAI/litellm. Organizations are strongly advised to update their installations immediately. For those unable to patch immediately, the following workarounds can mitigate the risk:
- Restrict API Key Access: Limit the scope of API keys issued to
internal_user_viewerroles. - Monitor Admin Endpoints: Implement logging and monitoring for sensitive endpoints like
/users/listand/users/get_users. - Role Review: Audit user roles and permissions to ensure no over-privileged accounts exist.
Conclusion
CVE-2025-0628 is a stark reminder of the importance of proper authorization mechanisms in modern applications. For organizations using BerriAI/litellm, immediate action is required to mitigate the risks posed by this vulnerability. Red-teamers can use this flaw to highlight the potential consequences of inadequate access controls, while executives should prioritize patching and security reviews to safeguard their systems.
References
- Tenable (2025). “CVE-2025-0628 | Tenable®”. Tenable. Retrieved March 22, 2025.
- GitHub Advisory Database (2025). “LiteLLM Has an Improper Authorization Vulnerability · CVE-2025-0628”. GitHub. Retrieved March 22, 2025.
- Vulert (2025). “CVE-2025-0628: LiteLLM Improper Authorization Vulnerability Leading to Privilege Escalation”. Vulert. Retrieved March 22, 2025.
- OSV (2025). “CVE-2025-0628 – OSV”. OSV. Retrieved March 22, 2025.
Metadata
- Keywords: CVE-2025-0628, BerriAI, Litellm, Privilege Escalation, Improper Authorization, Red-Team, Cybersecurity, CVSS 8.1
