aikido.dev Secure My Code

Intel/AIKIDO-2025-10710

AIKIDO-2025-10710

litellm is vulnerable to Incorrect Authorization

Incorrect Authorization Pre-CVE Published Oct 14, 2025

71

High Risk

This Affects:

PYTHON

1.74.6 - 1.77.0

Fixed in 1.77.1

Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to incorrect authorization because _check_proxy_admin_viewer_access fails to enforce role boundaries. As a result, users granted the PROXY_ADMIN_VIEW_ONLY role—who should have read-only access—can perform privileged actions (for example, POST /key/generate or POST /key/update) by sending crafted requests, allowing them to modify credentials and other sensitive data.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

litellm is vulnerable to Incorrect Authorization in versions 1.74.6 - 1.77.0.

How to fix this

Upgrade the litellm library to the patch version.

71

High Risk

This Affects:

PYTHON

1.74.6 - 1.77.0

Fixed in 1.77.1

Are you affected? Scan for Free

Links

github.com/BerriAI/litellm/commit/9a62b9bdb9ff217a0683047756588b2f5bd59c27

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Free. No credit card required.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done