CVE-2025-45809: n/a
BerriAI litellm v1.65.4 was discovered to contain a SQL injection vulnerability via the /key/block endpoint.
AI Analysis
Technical Summary
CVE-2025-45809 is a medium-severity SQL injection vulnerability identified in BerriAI litellm version 1.65.4, specifically via the /key/block endpoint. SQL injection (CWE-89) vulnerabilities occur when untrusted input is not properly sanitized and is incorporated directly into SQL queries, allowing an attacker to manipulate the backend database. In this case, the vulnerability allows an unauthenticated remote attacker to inject malicious SQL commands through the /key/block endpoint, which is reachable over the network (AV:N). The attack complexity is low (AC:L) and no privileges are required (PR:N), but user interaction is needed (UI:R), meaning the attacker must trick a user into triggering the malicious request. The vulnerability impacts confidentiality and integrity (C:L/I:L) but does not affect availability (A:N). The scope is unchanged (S:U), meaning the vulnerability affects only the vulnerable component without impacting other components. Although no exploits are currently known in the wild, the presence of this vulnerability in a component of BerriAI litellm (software likely used for AI or machine learning model management or deployment) could allow attackers to extract sensitive data or modify database contents if exploited. The lack of an available patch at the time of publication increases the urgency of mitigation and monitoring. Given the CVSS score of 5.4, this vulnerability is rated medium severity, but it should not be underestimated because of the potential for data leakage and integrity compromise.
Potential Impact
For European organizations using BerriAI litellm, this vulnerability poses a risk of unauthorized data access and potential data manipulation, which could lead to breaches of sensitive information, including intellectual property or personal data protected under GDPR. The confidentiality impact could result in exposure of proprietary AI model data or user credentials stored in the database. Integrity compromise could lead to corrupted or manipulated data, affecting AI model outputs or business processes relying on this data. Although availability is not directly impacted, the indirect consequences of data manipulation could disrupt operations. Organizations in sectors such as finance, healthcare, and critical infrastructure, which often deploy AI solutions, may face regulatory and reputational damage if exploited. The requirement for user interaction suggests phishing or social engineering might be vectors, increasing the risk in environments with less mature security awareness. The absence of known exploits currently provides a window for proactive mitigation before active exploitation occurs.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the /key/block endpoint through network segmentation and firewall rules, limiting exposure to trusted users and systems only.
2. Implement strict input validation and parameterized queries or prepared statements in the application code to prevent SQL injection.
3. Conduct thorough code reviews and penetration testing focused on the /key/block endpoint and other input vectors.
4. Monitor logs for unusual or suspicious SQL query patterns or failed injection attempts.
5. Educate users about phishing and social engineering risks, since user interaction is required for exploitation.
6. Engage with BerriAI to obtain patches or updates as soon as they become available and plan for timely deployment.
7. Consider deploying a Web Application Firewall (WAF) with custom rules to detect and block SQL injection attempts targeting this endpoint.
8. Review and audit database permissions to ensure the application follows least-privilege principles, limiting the potential damage of a successful injection.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6866d1e86f40f0eb729ab742
Added to database: 7/3/2025, 6:54:32 PM
Last enriched: 7/3/2025, 7:09:40 PM
Last updated: 7/11/2025, 3:08:24 AM