Home > Vulnerability Database > CVE-2025-61679

Mend.io Vulnerability Database

CVE-2025-61679

Good to know:

Date: October 3, 2025

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of a foreign login from the provider. This issue is fixed in version 0.4.4.

Severity Score

7.7

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61679

Url: https://github.com/julien040/anyquery/releases/tag/0.4.4

Url: https://github.com/julien040/anyquery/commit/43cd8bd3354b9725b245a2354b08e1c9be1cc1d3

Url: https://github.com/julien040/anyquery/security/advisories/GHSA-5f7p-rhmq-hvc7

Url: https://www.mend.io/vulnerability-database/CVE-2025-61679

Severity Score

7.7

Weakness Type (CWE)

Improper Authentication

CWE-287

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version https://github.com/julien040/anyquery.git - 0.4.4

Learn More

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61679

Good to know:

Date: October 3, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?