VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-vgkp-n2vv-k7c9

Essentials
Severities (15)
References (7)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vgkp-n2vv-k7c9
Aliases	CVE-2024-5225 GHSA-h6m6-jj8v-94jj
Summary	An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2024-5225
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2024-5225
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-h6m6-jj8v-94jj
cvssv3.1	6.4	https://github.com/BerriAI/litellm
generic_textual	MODERATE	https://github.com/BerriAI/litellm
cvssv3.1	6.4	https://github.com/BerriAI/litellm/commit/f75c15d6cd535aa78014378ad532de1df6be2f56
generic_textual	MODERATE	https://github.com/BerriAI/litellm/commit/f75c15d6cd535aa78014378ad532de1df6be2f56
cvssv3.1	6.4	https://github.com/BerriAI/litellm/pull/3940
generic_textual	MODERATE	https://github.com/BerriAI/litellm/pull/3940
cvssv3	6.4	https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c
cvssv3.1	6.4	https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c
generic_textual	MODERATE	https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c
ssvc	Track*	https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c
cvssv3.1	6.4	https://nvd.nist.gov/vuln/detail/CVE-2024-5225
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-5225

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-5225
		https://github.com/BerriAI/litellm
		https://github.com/BerriAI/litellm/commit/f75c15d6cd535aa78014378ad532de1df6be2f56
		https://github.com/BerriAI/litellm/pull/3940
491e4884-0306-4cd4-8fe2-9a19de33bf5c		https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c
CVE-2024-5225		https://nvd.nist.gov/vuln/detail/CVE-2024-5225
GHSA-h6m6-jj8v-94jj		https://github.com/advisories/GHSA-h6m6-jj8v-94jj

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/BerriAI/litellm

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/BerriAI/litellm/commit/f75c15d6cd535aa78014378ad532de1df6be2f56

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/BerriAI/litellm/pull/3940

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-06T20:15:02Z/ Found at https://huntr.com/bounties/491e4884-0306-4cd4-8fe2-9a19de33bf5c

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-5225

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.47842
EPSS Score	0.00243
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:31:39.246938+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/5xxx/CVE-2024-5225.json	38.6.0