CVE-2025-61679

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-61679
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61679.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-61679
Aliases
  • GHSA-5f7p-rhmq-hvc7
Published
2025-10-03T21:27:35.612Z
Modified
2025-12-05T10:21:01.451972Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data
Details

Anyquery is an SQL query engine built on top of SQLite. In versions 0.4.3 and below, an attacker who has already gained access to localhost, even with low privileges, can reach the HTTP server on its port without authentication and read private integration data such as emails. The provider raises no warning of a foreign login. This issue is fixed in version 0.4.4.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200",
        "CWE-287"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61679.json"
}
References

Affected packages

Git / github.com/julien040/anyquery

Affected ranges

Type
GIT
Repo
https://github.com/julien040/anyquery
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3

v0.*

v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6