
CVE-2024-5751: CWE-94 Improper Control of Generation of Code in berriai berriai/litellm

Critical
Tags: Vulnerability, CVE-2024-5751, cve, cwe-94
Published: Thu Jun 27 2024 (06/27/2024, 18:40:49 UTC)
Source: CVE Database V5
Vendor/Project: berriai
Product: berriai/litellm

Description

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the `add_deployment` function, which decodes and decrypts environment variables from base64 and assigns them to `os.environ`. An attacker can exploit this by sending a malicious payload to the `/config/update` endpoint, which is then processed and executed by the server when the `get_secret` function is triggered. This requires the server to use Google KMS and a database to store a model.

AI-Powered Analysis

Last updated: 10/15/2025, 13:32:22 UTC

Technical Analysis

CVE-2024-5751 is a critical vulnerability found in berriai/litellm version v1.35.8, categorized under CWE-94 (Improper Control of Generation of Code). The vulnerability exists in the add_deployment function, which processes environment variables by decoding and decrypting base64-encoded data, then assigns these values directly to the operating system environment variables (os.environ). This process lacks sufficient validation or sanitization, allowing an attacker to craft a malicious payload that, when sent to the /config/update endpoint, is processed and executed by the server. The attack vector does not require authentication or user interaction, making it remotely exploitable over the network. The vulnerability specifically requires the server to be configured with Google Key Management Service (KMS) and a database to store a model, which are prerequisites for the vulnerable code path to be triggered. Upon exploitation, the attacker can execute arbitrary code with the privileges of the application, potentially leading to full system compromise, data theft, or further lateral movement. The CVSS v3.0 score of 9.8 reflects the critical nature of this flaw, with high impact on confidentiality, integrity, and availability, and ease of exploitation due to no required privileges or user interaction. No known exploits are currently reported in the wild, but the severity and simplicity of exploitation make this a high-risk vulnerability requiring urgent attention.

Potential Impact

For European organizations, the impact of CVE-2024-5751 is severe. Organizations using berriai/litellm for AI or machine learning model management, particularly those integrating Google KMS for secrets management, are at risk of remote code execution attacks. Successful exploitation can lead to complete system compromise, exposing sensitive data, intellectual property, and potentially critical infrastructure controls. This could disrupt business operations, cause data breaches subject to GDPR penalties, and damage organizational reputation. The vulnerability's remote and unauthenticated nature increases the likelihood of exploitation by cybercriminals or state-sponsored actors targeting European entities. Given the growing adoption of AI tools and cloud-based key management in Europe, the threat could affect sectors such as finance, healthcare, government, and technology. The lack of known exploits currently provides a window for proactive mitigation, but the critical severity demands immediate response to prevent potential attacks.

Mitigation Recommendations

1. Immediately update berriai/litellm to a patched version once available from the vendor. Monitor vendor advisories for official patches.
2. Until a patch is released, restrict access to the /config/update endpoint using network-level controls such as firewalls or API gateways to limit exposure to trusted IP addresses only.
3. Implement strict input validation and sanitization on all inputs processed by add_deployment, especially those involving environment variable assignments.
4. Review and harden the use of Google KMS and database configurations to ensure minimal privileges and audit logging are enabled.
5. Employ runtime application self-protection (RASP) or web application firewalls (WAF) with custom rules to detect and block suspicious payloads targeting the vulnerable endpoint.
6. Conduct thorough security audits and penetration testing focused on the deployment and configuration of berriai/litellm instances.
7. Monitor logs and alerts for unusual activity related to environment variable changes or calls to the get_secret function.
8. Educate DevOps and security teams about the risks of improper code generation and environment variable handling to prevent similar vulnerabilities in custom code.
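The recommendations above (strict validation of add_deployment inputs, and auditing of environment variable changes) come down to one pattern: configuration received over the network must never be written straight into os.environ. The following is an added illustration of that pattern; it is not litellm's code, and the allowlist, denied-name sets and the SAMPLE_ENV request body are constructed assumptions for the example. It decodes each value strictly, rejects variable names that steer the loader or interpreter, accepts only an explicit allowlist, refuses control characters, and logs every accepted and rejected entry before anything is written.

```python
import base64
import binascii
import logging
import os
import re
from typing import Dict, Mapping, MutableMapping, Optional, Tuple

# Added example (hypothetical hardening, not litellm's add_deployment):
# validate remotely supplied, base64-encoded environment variables before
# they reach the process environment. All names below are assumptions.

log = logging.getLogger("config_update")

ENV_NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]{0,63}$")
# Variables that change loader or interpreter behaviour must never be settable
# from a request body, regardless of any allowlist.
DENIED_PREFIXES = ("LD_", "DYLD_", "PYTHON")
DENIED_NAMES = {"PATH", "HOME", "SHELL", "IFS", "BASH_ENV", "ENV", "PROMPT_COMMAND"}
# Keys a config update is permitted to set (assumed allowlist for this example).
ALLOWED_ENV_NAMES = {"OPENAI_API_KEY", "AZURE_API_KEY", "AZURE_API_BASE"}
MAX_VALUE_LEN = 4096


def decode_env_value(encoded: str) -> str:
    """Strict base64 decode: malformed input is an error, not best-effort."""
    try:
        raw = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"invalid base64: {exc}") from exc
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("value is not UTF-8 text") from exc


def validate_env_pair(name: str, value: str) -> None:
    """Raise ValueError unless (name, value) is safe to place in the environment."""
    if not ENV_NAME_RE.match(name):
        raise ValueError("malformed variable name")
    if name in DENIED_NAMES or name.startswith(DENIED_PREFIXES):
        raise ValueError("variable controls process behaviour")
    if name not in ALLOWED_ENV_NAMES:
        raise ValueError("variable not in allowlist")
    if len(value) > MAX_VALUE_LEN:
        raise ValueError("value too long")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("value contains control characters")


def apply_env_from_config(
    encoded_env: Mapping[str, str],
    environ: Optional[MutableMapping[str, str]] = None,
) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Validate every entry first, then write only the accepted ones.

    Returns (applied, rejected); rejected maps name -> reason so the caller can
    report failures and the audit log records each change to the environment.
    """
    target = os.environ if environ is None else environ
    applied: Dict[str, str] = {}
    rejected: Dict[str, str] = {}
    for name, encoded in encoded_env.items():
        try:
            value = decode_env_value(encoded)
            validate_env_pair(name, value)
        except ValueError as exc:
            rejected[name] = str(exc)
            log.warning("config update rejected %r: %s", name, exc)
            continue
        applied[name] = value
    # Two-phase: nothing is written until every entry has been checked.
    for name, value in applied.items():
        log.info("config update set %s (was %s)", name,
                 "set" if name in target else "unset")
        target[name] = value
    return applied, rejected


# Constructed sample request body for the demo (not a real capture).
SAMPLE_ENV = {
    "OPENAI_API_KEY": "c2stdGVzdC0xMjM=",  # "sk-test-123": accepted
    "LD_PRELOAD": "eA==",                  # "x": loader variable, denied
    "AZURE_API_BASE": "YQpi",              # "a\nb": control character
    "DEBUG_FLAG": "eA==",                  # not in the allowlist
    "AZURE_API_KEY": "not base64!",        # malformed encoding
}


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Run the sample against a scratch mapping so os.environ is untouched."""
    scratch: Dict[str, str] = {}
    return apply_env_from_config(SAMPLE_ENV, environ=scratch)


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    accepted, refused = demo()
    print("applied:", accepted)
    print("rejected:", refused)
```

The allowlist is the important control: a deny list alone would have to anticipate every variable some future library reads. The two-phase write and the per-change log lines also give the monitoring step above something concrete to alert on.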


Technical Details

Data Version: 5.1
Assigner Short Name: @huntr_ai
Date Reserved: 2024-06-07T16:33:15.277Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68ef9b28178f764e1f470cab

Added to database: 10/15/2025, 1:01:28 PM

Last enriched: 10/15/2025, 1:32:22 PM

Last updated: 10/16/2025, 2:53:21 PM

