ByteOS Network

NVD Vulnerability Details :

CVE-2025-57806

Awaiting Analysis

Source-security-advisories@github.com

Published At-03 Sep, 2025 | 01:15

Updated At-04 Sep, 2025 | 15:36

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location, allowing anyone with access to the container or host filesystem to retrieve sensitive data in plaintext by accessing the .db file. This is fixed in version 1.0.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-312	Primary	security-advisories@github.com
CWE-522	Primary	security-advisories@github.com

CWE ID: CWE-312

Type: Primary

Source: security-advisories@github.com

CWE ID: CWE-522

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
http://github.com/LearningCircuit/local-deep-research/releases/tag/v1.0.0	security-advisories@github.com	N/A
https://github.com/LearningCircuit/local-deep-research/pull/578	security-advisories@github.com	N/A
https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-4h8c-qrcq-cv5c	security-advisories@github.com	N/A