CVE-2025-45809

Severity: Medium · Lab available

litellm < 1.81.0 - SQL Injection via Key Parameter


Exploitation Summary

EIP tracks one public exploit for CVE-2025-45809, a PoC published by learner202649.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2025-45809, a time-based blind SQL injection vulnerability in LiteLLM's `/key/block` and `/key/unblock` endpoints. The exploit demonstrates the vulnerability by leveraging PostgreSQL's `pg_sleep()` function to confirm the injection and extract data.

Description

SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.

Exploits (1)

GitHub · Working PoC
by learner202649 · Python · PoC
https://github.com/learner202649/CVE-2025-45809-PoC


Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: LiteLLM < 1.81.0
Authentication: none required
Prerequisites: PostgreSQL backend · access to the `/key/block` or `/key/unblock` endpoints
Analyzed by devstral-2 on May 19, 2026

Scores

CVSS v3.1: 5.4
EPSS: 0.0025
EPSS Percentile: 16.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment:
Exploitation: poc
Automatable: no
Technical Impact: partial

Lab Environment

Community Lab
docker pull ghcr.io/berriai/litellm:v1.83.10-stable
Note that the listed image tag (v1.83.10-stable) is newer than the 1.81.0 fix boundary given in the description above; check the version against the affected range before relying on it to reproduce the issue.

Details

CWE: CWE-89
Status: published
Products (1): litellm/litellm 1.65.4
Published: Jul 03, 2025
Tracked Since: Feb 18, 2026