CVE-2025-0330 Information

Description

In berriai/litellm version v1.52.1 an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information including langfuse_secret and langfuse_public_key which can provide full access to the Langfuse project storing all requests.

Reference

https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a