CVE-2025-45809 in litellm
Summary
by MITRE • 07/03/2025
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.
Analysis
by VulDB Data Team • 03/12/2026
This vulnerability is a SQL injection flaw (CWE-89) in the BerriAI LiteLLM proxy affecting versions before 1.81.0. The injection point is the key parameter of the /key/block and /key/unblock API endpoints: the value an API client supplies to identify which virtual key should be blocked or unblocked reaches a database query without the escaping or parameterization that would keep the database from interpreting it as SQL. The "arbitrary commands" in the summary are therefore arbitrary SQL statements run with the privileges of the proxy's database account, not operating-system commands; OS-level execution would additionally require a database feature that exposes it. The CVE summary does not state what authentication the affected endpoints require. In LiteLLM the key-management endpoints belong to the proxy's management API, so until the patch is applied a practitioner should assume that anyone who can reach those endpoints with credentials the proxy accepts, including holders of lower-privileged keys, can reach the injection point. The impact reaches beyond disclosure of the key table: depending on the database permissions, an attacker can read or alter other tables, change which keys are blocked, and modify stored access controls.
The operational impact is substantial because the flaw gives direct database manipulation through well-defined, documented API endpoints. A successful exploit can retrieve, modify or delete data, and can perform further operations if the database account permits them. The /key/block and /key/unblock endpoints are sensitive in their own right, since they mark virtual API keys issued by the proxy as blocked or unblocked; a crafted key value can widen the WHERE clause so that the operation applies to every key, either locking out all clients or re-enabling keys an administrator had revoked. Beyond that, the usual SQL injection techniques apply: a UNION-based query where query results are reflected in the response, error-based extraction where database errors are returned, and time-based blind injection where neither is. In ATT&CK terms this is T1190, Exploit Public-Facing Application, where adversaries target vulnerabilities in externally accessible applications to gain initial access or escalate privileges within the target environment.
Mitigation starts with upgrading LiteLLM to 1.81.0 or later, where the affected queries are parameterized; check the installed version with pip show litellm or the container image tag before assuming a deployment is fixed. Where an upgrade cannot happen immediately, restrict network access to the proxy's key-management endpoints to administrators and enforce a strict allow-list on the key parameter (the expected prefix and character set, bounded length), which rejects quote and comment characters before they reach the database. The durable fix for any remaining code paths is the same one the patch applies: prepared statements or parameterized queries, with a code review of every endpoint that hands request data to the database layer. A web application firewall can be configured to alert on or block requests to /key/block and /key/unblock whose key value contains SQL metacharacters, and database-side monitoring should look for UPDATE statements on the key table that touch many rows at once or that contain unexpected predicates. Run the proxy's database account with the least privilege the application needs, so that a future injection cannot reach beyond the tables it legitimately uses, and include these endpoints in regular security assessments. Finally, have an incident response procedure that covers rotating virtual keys and reviewing the blocked state of each key if exploitation is suspected.
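The following Python example, added here and not taken from LiteLLM's code base, shows the CWE-89 pattern described in the analysis beside the parameterized form that the mitigation calls for. It uses an in-memory SQLite table and a handful of constructed keys standing in for the proxy's key store; the table name, column names, assumed sk- key format and the handler names block_key_vulnerable and block_key_safe are all assumptions, since the page does not show LiteLLM's real schema or query code. The payload widens the WHERE clause so that a single /key/block call blocks every key in the vulnerable handler, while the same input blocks nothing in the hardened one, and the allow-list check rejects it before any query runs.

```python
import re
import sqlite3

# Hypothetical schema standing in for the proxy's virtual-key table.
# LiteLLM's real schema is not on the page; this is an assumption.
SCHEMA = """
CREATE TABLE verification_tokens (
    token   TEXT PRIMARY KEY,
    blocked INTEGER NOT NULL DEFAULT 0
);
"""

# Constructed sample keys, none of them real.
SAMPLE_KEYS = ["sk-alice-0001", "sk-bob-0002", "sk-carol-0003"]

# Assumed key format used for the allow-list check: a fixed prefix and a
# bounded run of characters that cannot terminate a SQL string literal.
KEY_PATTERN = re.compile(r"^sk-[A-Za-z0-9_-]{1,128}$")


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database holding the sample keys, none blocked."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO verification_tokens (token) VALUES (?)",
        [(k,) for k in SAMPLE_KEYS],
    )
    conn.commit()
    return conn


def block_key_vulnerable(conn: sqlite3.Connection, key: str) -> int:
    """CWE-89 pattern: the request's key value is spliced into the SQL text,
    so quote and comment characters in it are parsed as SQL.
    Returns the number of rows the UPDATE touched."""
    sql = f"UPDATE verification_tokens SET blocked = 1 WHERE token = '{key}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def block_key_safe(conn: sqlite3.Connection, key: str) -> int:
    """Hardened form: the value is bound as a parameter, so the database
    compares it as data and never interprets it as SQL."""
    cur = conn.execute(
        "UPDATE verification_tokens SET blocked = 1 WHERE token = ?",
        (key,),
    )
    conn.commit()
    return cur.rowcount


def is_well_formed_key(key: str) -> bool:
    """Allow-list check to apply before the query (or in a WAF rule):
    rejects anything outside the assumed key format, including the
    quote, space and comment characters an injection payload needs."""
    return KEY_PATTERN.fullmatch(key) is not None


def blocked_tokens(conn: sqlite3.Connection) -> list:
    """Sorted list of keys currently marked blocked."""
    rows = conn.execute(
        "SELECT token FROM verification_tokens WHERE blocked = 1"
    )
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    # Crafted key value: closes the literal, adds an always-true predicate,
    # and comments out the trailing quote.
    payload = "' OR 1=1 --"

    vuln_db = make_db()
    print("vulnerable: rows blocked =", block_key_vulnerable(vuln_db, payload))
    print("vulnerable: blocked keys  =", blocked_tokens(vuln_db))

    safe_db = make_db()
    print("hardened:   rows blocked =", block_key_safe(safe_db, payload))
    print("hardened:   blocked keys  =", blocked_tokens(safe_db))
    print("allow-list accepts payload:", is_well_formed_key(payload))
    print("allow-list accepts real key:", is_well_formed_key("sk-bob-0002"))
```

The vulnerable handler reports three rows changed and every key ends up blocked, which is the service-disruption case described above; the hardened handler reports zero rows because it looked for a key literally named ' OR 1=1 --. The allow-list check is a second, independent layer: it rejects the payload on its shape alone, which is also the predicate a WAF rule or request-log detection would implement, but it is not a substitute for parameterization, since a format change could later admit characters the pattern did not anticipate.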