cvedb.io
CVE-2025-67743
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2025-12-23T01:15:43.160 · Last modified 2026-06-17T09:58:04.300

Summary

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls. This issue has been patched in version 1.3.9.

Affected products

learningcircuit — local_deep_research

Does this affect you?

Add your gear to cvedb and we'll alert you only when learningcircuit ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.