LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
Summary
Researchers have disclosed a chain of three vulnerabilities in LiteLLM, an open-source AI gateway, that allow a low-privilege user to gain full administrative control and execute code on the server. A successful exploit would expose all provider keys held by the compromised gateway.
IFF Assessment
This vulnerability chain allows for server takeover and compromise of sensitive credentials, posing a significant risk to defenders.
Severity
The vulnerability allows for Remote Code Execution and full system takeover by a low-privilege user through a chain of exploits, indicating a high severity.
Defender Context
This incident highlights the critical need for securing AI gateways, especially those with default configurations that can be exploited. Defenders should prioritize patching LiteLLM deployments and ensuring proper access controls are implemented to prevent privilege escalation.