CVE-2025-45809 identifies an SQL Injection vulnerability in BerriAI LiteLLM versions prior to 1.81.0. The flaw exists in the handling of the 'key' parameter within the /key/block and /key/unblock API endpoints. An attacker can inject malicious SQL commands through this parameter, potentially leading to unauthorized data access or modification. The vulnerability arises from improper input validation and sanitization, allowing crafted input to alter SQL queries executed by the backend database. The CVSS 3.1 score of 5.4 reflects a medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, but requiring user interaction. The impact primarily affects confidentiality and integrity, with no direct impact on availability. No patches are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability is classified under CWE-89, which covers SQL Injection issues. This vulnerability could be exploited by attackers to manipulate or exfiltrate sensitive data stored in the backend database, potentially compromising application security and user data privacy.

The vulnerability could allow attackers to execute arbitrary SQL commands remotely without authentication, leading to unauthorized disclosure or modification of sensitive data. This compromises the confidentiality and integrity of the affected systems. While availability is not directly impacted, data manipulation could disrupt normal operations or lead to further exploitation. Organizations relying on BerriAI LiteLLM for AI or data processing services may face data breaches, loss of trust, and regulatory consequences. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits after public disclosure. The requirement for user interaction slightly limits exploitation but does not prevent targeted attacks. Overall, the vulnerability poses a moderate risk to organizations handling sensitive or regulated data using the affected software.

Organizations should upgrade BerriAI LiteLLM to version 1.81.0 or later once available to ensure the vulnerability is patched. Until patches are released, implement strict input validation and sanitization on the 'key' parameter at the application or API gateway level to block SQL injection payloads. Employ Web Application Firewalls (WAFs) configured with rules to detect and block SQL injection attempts targeting the /key/block and /key/unblock endpoints. Monitor API logs for unusual or malformed requests to these endpoints and investigate suspicious activity promptly. Limit exposure by restricting access to these API endpoints to trusted networks or authenticated users where possible. Conduct regular security assessments and code reviews focusing on input handling to prevent similar vulnerabilities. Educate developers on secure coding practices to avoid injection flaws in future releases.