VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-s1sj-yr6f-afdc

Essentials
Severities (9)
References (5)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-s1sj-yr6f-afdc
Aliases	CVE-2025-0330 GHSA-879v-fggm-vxw2
Summary	In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1230	Exposure of Sensitive Information Through Metadata
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2025-0330
cvssv3.1	7.5	https://github.com/BerriAI/litellm
generic_textual	HIGH	https://github.com/BerriAI/litellm
cvssv3	7.5	https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
cvssv3.1	7.5	https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
generic_textual	HIGH	https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
ssvc	Track	https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2025-0330
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2025-0330

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-0330
		https://github.com/BerriAI/litellm
		https://nvd.nist.gov/vuln/detail/CVE-2025-0330
661b388a-44d8-4ad5-862b-4dc5b80be30a		https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
GHSA-879v-fggm-vxw2		https://github.com/advisories/GHSA-879v-fggm-vxw2

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/BerriAI/litellm

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:38Z/ Found at https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-0330

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.59138
EPSS Score	0.00368
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:14:28.158358+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/0xxx/CVE-2025-0330.json	38.6.0