{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T05:02:39.766","vulnerabilities":[{"cve":{"id":"CVE-2024-6825","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:33.237","lastModified":"2025-10-15T13:15:49.953","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed."},{"lang":"es","value":"BerriAI/litellm versión 1.40.12 contiene una vulnerabilidad que permite la ejecución remota de código. El problema se presenta en la gestión de la configuración 'post_call_rules', donde se puede añadir una función de devolución de llamada. El valor proporcionado se divide en el último punto \".\"; la última parte se considera el nombre de la función y la parte restante se añade con la extensión \".py\" y se importa. Esto permite a un atacante configurar un método del sistema, como \"os.system\", como devolución de llamada, lo que permite la ejecución de comandos arbitrarios al procesar una respuesta de chat."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.65.4","matchCriteriaId":"CA751173-C195-4141-990E-BF283359EB51"},{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:1.65.4:dev2:*:*:*:*:*:*","matchCriteriaId":"9FF1A650-6A97-453B-AC95-C05B9864B71C"}]}]}],"references":[{"url":"https://github.com/berriai/litellm/commit/441c7275ed2715f47650a7c2e525055c804073a9","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/1d98bebb-6cf4-46c9-87c3-d3b1972973b5","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}