
CVE-2025-57806

· Published 03/09/2025 01:15 · Modified 03/09/2025 01:15

Labels: CVE-2025-57806, 2025-09-03, CWE-312

Essential information

Published: 03/09/2025 01:15
Modified: 03/09/2025 01:15
Author:
Creator:
CVSS: 6.9 MEDIUM (v3), 6.9 MEDIUM (v4.0)
CISA KEV: No
CWE: CWE-312
CVSS vector:

CVSS metrics

Description

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location, allowing anyone with access to the container or host filesystem to retrieve sensitive data in plaintext by accessing the .db file. This is fixed in version 1.0.0.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
local deep research / local deep research | cpe:2.3:a:local_deep_research:local_deep_research:<0.2.0-0.6.7>*:*:*:*:*:*:*
local deep research / local deep research | cpe:2.3:a:local_deep_research:local_deep_research:*:*:*:*:*:*:*:*

References