LiteLLM, Denial of Service (DoS), CVE-2025-XXXX (High Severity)

By /

Listen to this Post

How the CVE Works:

The vulnerability in LiteLLM (CVE-2025-XXXX) stems from the unsafe use of Python’s `ast.literal_eval` function to parse user input. This function is designed to evaluate strings containing Python expressions safely, but it can be exploited by malicious actors to cause a Denial of Service (DoS) attack. By sending specially crafted input, an attacker can trigger excessive resource consumption, such as CPU or memory exhaustion, leading to the crashing of the LiteLLM Python server. The issue is particularly severe because it does not require authentication, making it accessible to any unauthenticated user. This vulnerability was identified in commit 26c03c9 of the BerriAI/litellm repository.

DailyCVE Form:

Platform: LiteLLM
Version: Commit 26c03c9
Vulnerability: Denial of Service (DoS)
Severity: High
Date: Mar 20, 2025

What Undercode Say:

Exploitation:

  1. Crafting Malicious Input: Attackers can send a payload containing deeply nested or recursive structures to ast.literal_eval, causing the server to consume excessive resources. 
    payload = "[bash]" 1000000 Example of a resource-exhaustion payload
  2. Sending Payload: The payload is sent via an unauthenticated API endpoint or input field that uses ast.literal_eval. 
    curl -X POST http://target-server/api -d '{"input": "'"$payload"'"}'

Protection:

  1. Input Validation: Replace `ast.literal_eval` with safer alternatives like `json.loads` for JSON input or implement strict input validation. 
    import json
safe_input = json.loads(user_input)
  2. Rate Limiting: Implement rate limiting to prevent abuse of the endpoint. 
    from flask_limiter import Limiter
limiter = Limiter(app, key_func=get_remote_address)
  3. Resource Monitoring: Monitor server resources to detect and mitigate abnormal usage patterns. 
    top -b -n 1 | grep python
  4. Patch Update: Update LiteLLM to a patched version that addresses this vulnerability.

Analytics:

  • Impact: High, as it can crash the server and disrupt services.
  • Exploit Complexity: Low, as it requires no authentication.
  • Mitigation Difficulty: Medium, requiring code changes and monitoring.

Commands:

  • Check Server Status: 
    systemctl status litellm
  • Monitor CPU Usage: 
    htop
  • Test Patch: 
    git pull origin main && python3 -m pytest tests/

Code Snippets:

  • Safe Input Parsing: 
    def safe_parse(input):
try:
return json.loads(input)
except json.JSONDecodeError:
raise ValueError("Invalid input")
  • Logging Suspicious Activity: 
    import logging
logging.basicConfig(filename='litellm.log', level=logging.WARNING)
logging.warning(f"Suspicious input detected: {user_input}")

    By following these steps, users can mitigate the risk of this high-severity vulnerability and protect their LiteLLM instances from exploitation.

References:

Reported By: https://github.com/advisories/GHSA-gw2q-qw9j-rgv7
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top