CVE-2025-0330

CVSS v3 Score: 7.5 (High)

Vulnerability Description

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

CVSS: 7.5 (High)

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne...

CVSS: 7.7 (High)

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.

CVSS: 6.8 (Medium)

Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access

CVSS: 6.5 (Medium)

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticat...

CVSS: 6.5 (Medium)

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security seve...

CVSS: 8.8 (High)

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This...