CVE-2025-0330
Published: 20 March 2025
Summary
CVE-2025-0330 is a high-severity Exposure of Sensitive Information Through Metadata (CWE-1230) vulnerability in Litellm Litellm. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528); ranked in the top 40.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Privacy and Disclosure risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6833
Vulnerability details
In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.
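As an added illustration (not code from LiteLLM or from this entry), the failure mode the description points at: an error handler that interpolates the raw team-settings object into its message carries langfuse_secret and langfuse_public_key out with it, while the hardened variant redacts credential-like fields before reporting. The max_budget field, the key-name heuristic and the placeholder credential values are assumptions.

```python
# Added example, not LiteLLM's code. Shows how a parsing error can carry the
# raw team settings (and the Langfuse keys inside them) into its message, and
# a hardened variant that redacts credential-like fields before reporting.
import re

# Assumed heuristic: key names that usually hold credentials.
SENSITIVE_KEY_RE = re.compile(r"secret|api_key|public_key|token|password", re.IGNORECASE)


def redact_settings(settings: dict) -> dict:
    """Return a copy with credential-like values replaced by a marker."""
    return {k: ("[REDACTED]" if SENSITIVE_KEY_RE.search(k) else v)
            for k, v in settings.items()}


def parse_team_settings_leaky(settings: dict) -> int:
    """'Before' pattern: the whole settings dict is interpolated into the error."""
    try:
        return int(settings["max_budget"])  # assumed field
    except (KeyError, ValueError) as exc:
        raise ValueError(f"failed to parse team settings {settings}: {exc}") from exc


def parse_team_settings_safe(settings: dict) -> int:
    """Hardened pattern: only the redacted view and the error type are reported."""
    try:
        return int(settings["max_budget"])  # assumed field
    except (KeyError, ValueError) as exc:
        raise ValueError(
            f"failed to parse team settings {redact_settings(settings)}: "
            f"{type(exc).__name__}"
        ) from exc


def error_text(parse, settings: dict) -> str:
    """Capture what a caller (or a log line) would see for a failing parse."""
    try:
        parse(settings)
    except ValueError as exc:
        return str(exc)
    return ""


# Constructed sample with placeholder credentials and a malformed budget.
TEAM_SETTINGS = {
    "langfuse_public_key": "pk-lf-PLACEHOLDER",
    "langfuse_secret": "sk-lf-PLACEHOLDER",
    "max_budget": "not-a-number",
}

if __name__ == "__main__":
    print("leaky   :", error_text(parse_team_settings_leaky, TEAM_SETTINGS))
    print("hardened:", error_text(parse_team_settings_safe, TEAM_SETTINGS))
```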
- CWE(s): CWE-1230 (Exposure of Sensitive Information Through Metadata)
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: langfuse
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability leaks Langfuse API keys (application access tokens) and sensitive credentials via error messages during team settings parsing, enabling their theft from the LiteLLM proxy server.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Identifies sensitive information exposed via metadata during disclosure monitoring.