CNNVD-202510-3949 Information

CNNVD ID

CNNVD-202510-3949

CVE-2025-11203

  • CNNVD Published: 2025-10-29

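Description (translated from Chinese)

LiteLLM is an open-source application from Berri AI that can call all LLM APIs using the OpenAI format. LiteLLM contains an information disclosure vulnerability, which stems from the exposure of sensitive information when the API_KEY parameter of the health endpoint is processed and may lead to credential disclosure.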

Description (English)

LiteLLM is an open-source application from Berri AI. It can call all LLM APIs in the OpenAI format. LiteLLM has an information disclosure vulnerability, which arises from the exposure of sensitive information in the processing of the API_KEY parameter at the health endpoint, and which may lead to the disclosure of credentials.

Hazard Level

Critical

Vulnerability Type

Information disclosure

Affected Vendor

Berri AI

Published

2025-10-29

Last Modified

2026-02-24

References

https://docs.litellm.ai/release_notes/v1.63.14-stable
https://www.zerodayinitiative.com/advisories/ZDI-25-929/

Patch

https://github.com/BerriAI/litellm/releases
