Vulnerability Details CVE-2025-0330
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.3%
CVSS Severity
CVSS v3 Score 7.5