CVE-2025-0330: 
LiteLLM vulnerability analysis and mitigation

In berriai/litellm version v1.52.1, a vulnerability was discovered that causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability was assigned CVE-2025-0330 and was disclosed on March 20, 2025. The issue specifically exposes sensitive information including langfusesecret and langfusepublic_key, which can provide full access to the Langfuse project storing all requests (NVD).

The vulnerability is classified under CWE-1230 (Exposure of Sensitive Information Through Metadata). According to the CVSS 3.0 scoring, it has received a base score of 7.5 (HIGH) with the following vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network accessible, requires low attack complexity, needs no privileges or user interaction, and has high impact on confidentiality but no impact on integrity or availability (NVD, Huntr).

The vulnerability's primary impact is the exposure of sensitive Langfuse API keys, specifically the langfusesecret and langfusepublic_key. When exploited, this can grant an attacker full access to the Langfuse project where all requests are stored, potentially compromising the security and privacy of the entire project (NVD).