← volver
CVE-2025-61679

Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data

CVSS 7.7 HIGHEPSS 0.1%CWE-200CWE-287
Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of a foreign login from the provider. This issue is fixed in version 0.4.4.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
julien040 · anyquery

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/julien040/anyquery/commit/43cd8bd3354b9725b245a2354b08e1c9be1cc1d3https://github.com/julien040/anyquery/releases/tag/0.4.4https://github.com/julien040/anyquery/security/advisories/GHSA-5f7p-rhmq-hvc7