Vulnerabilities

CVE-2025-67743 - Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Downl...

2025-12-23 0 views admin

CVE ID : CVE-2025-67743 Published : Dec. 23, 2025, 1:15 a.m. | 54 minutes ago Description : Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls. This issue has been patched in version 1.3.9. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-67743

Severity

MEDIUM

Published

Dec. 23, 2025

Affected Product: AWS

Attack Vector: Local

Impact: SSRF

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-67743mediumaws

CVE-2025-67743 - Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Downl...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-68615 - Net-SNMP snmptrapd crash

CVE-2025-15034 - itsourcecode Student Management System record.php sql injection

CVE-2025-34458 - wb2osz/direwolf <= 1.8 reachable assertion dos

CVE-2025-34457 - wb2osz/direwolf <= 1.8 stack-based buffer overflow dos

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting