CVE-2024-5225
Published: 06 June 2024
Summary
CVE-2024-5225 is a high-severity SQL Injection (CWE-89) vulnerability in Litellm Litellm. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), LLM Prompt Self-Replication (AML.T0061), External Harms (AML.T0048).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2064
Vulnerability details
An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated…
more
`api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS).
- CWE(s)
AI Security AnalysisAI
- AI Category
- APIs and Models
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- LiteLLM (berriai/litellm) is a proxy server/library for standardizing API calls to various LLM providers and models, directly fitting the 'APIs and Models' category. The vulnerability is reported on an AI/ML bug bounty platform (Huntr).
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in /global/spend/logs endpoint enables exploitation of public-facing applications (T1190), data collection from databases (T1213.006), stored data manipulation (T1565.001), and DoS via application exploitation (T1499.004).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.