Description

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.

INFO

Published Date :

2025-03-20T10:11:36.172Z

Last Modified :

2025-10-15T12:49:46.893Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6825 vulnerability.

Vendors Products
Berriai
  • Litellm
Litellm
  • Litellm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6825.

URL Resource
https://github.com/berriai/litellm/commit/441c7275ed2715f47650a7c2e525055c804073a9 cve-icon cve-icon
https://huntr.com/bounties/1d98bebb-6cf4-46c9-87c3-d3b1972973b5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact