Local Deep Research Vulnerability Exposes Sensitive Data in SQLite Database
CVE-2025-57806

6.9MEDIUM

Key Information:

Vendor

Learningcircuit

Status
Local-deep-research
Vendor
CVE Published:
3 September 2025

What is CVE-2025-57806?

Local Deep Research, a powerful AI-driven research assistant, was found to store sensitive information such as API keys in an unencrypted SQLite database. This design flaw left confidential data accessible to users with filesystem access, as the locations of the database were not configurable and the storage practices were insufficiently documented. Version 1.0.0 addresses this issue by enhancing data protection measures.

Affected Version(s)

local-deep-research >= 0.2.0, < 1.0.0

References

https://github.com/LearningCircuit/local-deep-research/se...
x_refsource_CONFIRM
https://github.com/LearningCircuit/local-deep-research/pu...
x_refsource_MISC
http://github.com/LearningCircuit/local-deep-research/rel...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-57806 : Local Deep Research Vulnerability Exposes Sensitive Data in SQLite Database