Vulnerability Description
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the database location, allowing anyone with access to the container or host filesystem to retrieve sensitive data in plaintext by accessing the .db file. This is fixed in version 1.0.0.
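A defender-side check for the condition described above, as an added example that is not part of the advisory or the project's own code: it walks a directory and flags database files that begin with the standard SQLite header (readable by any SQLite client) and files that are readable by group or other. The file names, the `settings` table and the key value are constructed for the demo and are assumptions, not the project's actual paths or schema.

```python
import os
import sqlite3
import stat
import tempfile

# First 16 bytes of every unencrypted SQLite 3 database file.
SQLITE_MAGIC = b"SQLite format 3\x00"

def audit_db_file(path):
    """Return findings for one file: plaintext SQLite header, loose permissions."""
    findings = []
    with open(path, "rb") as fh:
        if fh.read(16) == SQLITE_MAGIC:
            findings.append("plaintext-sqlite")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable-by-group-or-other")
    return findings

def find_db_files(root, suffixes=(".db", ".sqlite", ".sqlite3")):
    """Yield paths under root whose names look like SQLite database files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                yield os.path.join(dirpath, name)

def audit_tree(root):
    """Map each candidate database file under root to its list of findings."""
    return {path: audit_db_file(path) for path in find_db_files(root)}

def build_demo_tree():
    """Constructed sample data: one plaintext DB (0644) and one opaque file (0600)."""
    root = tempfile.mkdtemp(prefix="db_audit_demo_")
    plain = os.path.join(root, "settings_demo.db")      # hypothetical file name
    con = sqlite3.connect(plain)
    con.execute("CREATE TABLE settings (key TEXT, value TEXT)")  # hypothetical schema
    con.execute("INSERT INTO settings VALUES ('api_key', 'CONSTRUCTED-NOT-A-REAL-KEY')")
    con.commit()
    con.close()
    os.chmod(plain, 0o644)
    opaque = os.path.join(root, "opaque_demo.db")       # stands in for an encrypted file
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(4096))
    os.chmod(opaque, 0o600)
    return root, plain, opaque

if __name__ == "__main__":
    demo_root, _plain, _opaque = build_demo_tree()
    for db_path, result in audit_tree(demo_root).items():
        print(db_path, result or ["ok"])
```

Point `audit_tree` at the container volume or host directory that holds the application's data to see which database files would be readable as-is by anyone with filesystem access.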
References
- http://github.com/LearningCircuit/local-deep-research/releases/tag/v1.0.0
- https://github.com/LearningCircuit/local-deep-research/pull/578
- https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-
FAQ
What is CVE-2025-57806?
CVE-2025-57806 is a documented vulnerability.
How severe is CVE-2025-57806?
CVSS scoring is not yet available for CVE-2025-57806. Check NVD for updates.
Is there a patch for CVE-2025-57806?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.