LiteLLM API_KEY Information Disclosure Vulnerability

Vulnerability

A vulnerability in LiteLLM allows authenticated remote attackers to access sensitive information by exploiting the API_KEY parameter in the health endpoint. This flaw can lead to the unauthorized disclosure of stored credentials, potentially causing further compromise.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information, specifically stored credentials, which could be used for further exploitation.

Remediation

LiteLLM has released a patch for this vulnerability in version 1.63.14-stable. Users should update to this version.

Added: Oct 29, 2025, 8:23 PM
Updated: Oct 29, 2025, 8:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.