CVE-2025-10188: 
WordPress Análise e mitigação de vulnerabilidades

A vulnerability in BerriAI/litellm (CVE-2024-10188) was discovered that allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. The vulnerability was disclosed on March 20, 2025 and affects the litellm Python server as of commit 26c03c9 (NVD).

The vulnerability stems from the unsafe use of ast.literal_eval function to parse user input in the BerriAI/litellm Python server. This function is not secure for parsing untrusted input and can be exploited to cause Denial of Service attacks. The vulnerability has been assigned a CVSS v3.0 base score of 7.5 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness is categorized as CWE-400 (Uncontrolled Resource Consumption) (NVD, Huntr).

When exploited, this vulnerability can cause the litellm Python server to crash through a Denial of Service attack. The impact is particularly severe as it requires no authentication and can be triggered remotely, potentially affecting the availability of services relying on the litellm server (NVD).

A fix has been implemented in the BerriAI/litellm repository through commit 21156ff5d0d84a7dd93f951ca033275c77e4f73c. Users are advised to update to the latest version that includes this security fix (Github).