CVE-2024-9606

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 20, 2025

Updated: Apr 7, 2025

CWE ID 116

CWE ID 117

Summary

CVE-2024-9606 is a vulnerability affecting the berriai/litellm library before version 1.44.12. In the `litellm_logging.py` file, a issue in the API key masking code exposes a significant portion of the secret key. Instead of concealing the entire key, the code only masks the first five characters, making almost the entire key visible in the logs. This issue poses a major security risk, as the leakage of API keys can grant unauthorized access to sensitive data or systems, with version v1.44.9 being particularly vulnerable.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

LiteLLM

Affected Vendors

litellm

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zSzV0j
https://www.cve.org/CVERecord?id=CVE-2024-9606
https://nvd.nist.gov/vuln/detail/CVE-2024-9606

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners