HIGHCVE-2024-6825CVSS 8.8

CVE-2024-6825: RCE in litellm Python Library

Q: How do I fix CVE-2024-6825 in litellm?

Upgrade to version v1.65.4.dev6 or later. As a temporary workaround, disable the 'post_call_rules' configuration.

Platform

python

Component

litellm

Fixed in

v1.65.4.dev6

1.40.13

AI Confidence: highNVDEPSS 1.3%Reviewed: May 2026

View on NVD

Save

CVE-2024-6825 is a Remote Code Execution (RCE) vulnerability affecting versions of the litellm Python library up to 1.40.12. This flaw allows attackers to execute arbitrary commands on a system by manipulating the 'postcallrules' configuration. A fix is available in version v1.65.4.dev6, and users are strongly encouraged to upgrade immediately.

Impact and Attack Scenarios

The vulnerability lies in the way litellm handles the 'postcallrules' configuration, which allows users to define callback functions to be executed after a chat response is processed. An attacker can exploit this by injecting a malicious callback function name. The library splits the provided value at the final '.' mark, treating the last part as the function name and appending '.py'. This allows an attacker to specify a system method, such as 'os.system', as the callback, effectively enabling arbitrary command execution when a chat response is processed. The potential impact is severe, as an attacker could gain complete control over the system running the litellm library, leading to data breaches, system compromise, and further malicious activity.

Exploitation Context

CVE-2024-6825 was published on 2025-03-20. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. While no active exploitation campaigns have been confirmed, the ease of exploitation makes this a high-priority vulnerability to address.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

EPSS

1.35% (80% percentile)

CISA SSVC

Exploitationpoc

Automatableno

Technical Impacttotal

CVSS Vector

Affected Software

Componentlitellm

Vendorosv

Affected rangeFixed in

unspecified – v1.65.4.dev6v1.65.4.dev6

1.40.3.dev2 – 1.40.121.40.13

Weakness Classification (CWE)

CWE-94

Timeline

Reserved2024-07-16
Published2025-03-20
Modified2025-10-16
EPSS updated2026-04-02

Mitigation and Workarounds

The primary mitigation for CVE-2024-6825 is to upgrade to version v1.65.4.dev6 or later. If upgrading immediately is not feasible, consider temporarily disabling the 'postcallrules' configuration to prevent the vulnerability from being exploited. Review existing 'postcallrules' configurations for any suspicious or unexpected function names. Implement input validation and sanitization on any user-provided data used in the 'postcallrules' configuration to prevent malicious code injection. Monitor system logs for any unusual activity or command executions related to litellm.

How to fix

Actualice la biblioteca litellm a la versión 1.65.4.dev6 o superior. Esto corrige la vulnerabilidad de ejecución remota de código al validar correctamente las funciones de callback configuradas en 'post_call_rules'. Asegúrese de verificar la integridad de la nueva versión después de la actualización.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2024-6825 — RCE in litellm?

CVE-2024-6825 is a Remote Code Execution vulnerability in litellm versions up to 1.40.12, allowing attackers to execute arbitrary commands through the 'postcallrules' configuration.

Am I affected by CVE-2024-6825 in litellm?

You are affected if you are using litellm version 1.40.12 or earlier. Check your version and upgrade immediately.

How do I fix CVE-2024-6825 in litellm?

Upgrade to version v1.65.4.dev6 or later. As a temporary workaround, disable the 'postcallrules' configuration.

Is CVE-2024-6825 being actively exploited?

No active exploitation campaigns have been confirmed, but the vulnerability's ease of exploitation warrants immediate attention and mitigation.

Where can I find the official litellm advisory for CVE-2024-6825?

Refer to the litellm project's official security advisories and release notes on their GitHub repository for the latest information.

NextGuard

Vulnerabilities

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Python

Detect this CVE in your project

Upload your requirements.txt file and we'll tell you instantly if you're affected.

Supported formats: requirements.txt · Pipfile.lock

Scan free

Search CVEs

Upload requirements.txt

What do these metrics mean?

Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability: High — complete crash or resource exhaustion. Full denial of service.