CVE-2025-57806

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-57806
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57806.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-57806
Aliases
  • GHSA-4h8c-qrcq-cv5c
Published
2025-09-03T00:47:24.262Z
Modified
2026-04-02T13:07:25.420954Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Local Deep Research's API keys are stored in plain text
Details

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location, allowing anyone with access to the container or host filesystem to retrieve sensitive data in plaintext by accessing the .db file. This is fixed in version 1.0.0.

Database specific 
{
    "cwe_ids": [
        "CWE-312",
        "CWE-522"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57806.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git
github.com/learningcircuit/local-deep-research

Affected ranges

Type
GIT
Repo
http://github.com/learningcircuit/local-deep-research
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1394ee66317fc9b37ad667030dc27b7f07cdccd0
Database specific 
{
    "versions": [
        {
            "introduced": "0.2.0"
        },
        {
            "fixed": "1.0.0"
        }
    ]
}

Affected versions

0.*
0.6.7
v0.*
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.9
v0.6.0
v0.6.1
v0.6.4
v0.6.5
v0.6.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57806.json"
github.com/LearningCircuit/local-deep-research

Affected ranges

Type
GIT
Repo
https://github.com/LearningCircuit/local-deep-research
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4d92fb4d0b1e7360bbb9bfa70c322d5bf563ef54
Database specific 
{
    "versions": [
        {
            "introduced": "0.2.0"
        },
        {
            "last_affected": "0.6.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/learningcircuit/local-deep-research
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1394ee66317fc9b37ad667030dc27b7f07cdccd0

Affected versions

0.*
0.6.7
v0.*
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.9
v0.6.0
v0.6.1
v0.6.4
v0.6.5
v0.6.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57806.json"