CVE-2025-45809

5.4 MEDIUM
Published: July 03, 2025 Modified: March 12, 2026
View on NVD

Description

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/shadia0/Patienc/blob/main/litellm/SQL_injection.md
Source: cve@mitre.org
Exploit Mitigation Third Party Advisory
https://huntr.com/bounties/3e6e4d40-b06a-4f54-a3ed-cc93584b12f3
Source: cve@mitre.org

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.4 / 10.0
EPSS (Exploit Probability)
0.1%
21th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

litellm

Related CVEs

CVE-2026-4861 8.8
CVE-2026-4860 7.3
CVE-2026-4874 3.1
CVE-2026-4850 7.3
CVE-2026-4849 4.3