CVE-2025-67743 | LearningCircuit local-deep-research up to 1.3.8 Download Service download_service.py requests.get server-side request forgery (GHSA-9c54-gxh7-ppjc)

Inserito da Angelo Barbosa | Dic 23, 2025 | CVE

A vulnerability was found in LearningCircuit local-deep-research up to 1.3.8. It has been rated as critical. The affected element is the function requests.get of the file download_service.py of the component Download Service. Performing manipulation results in server-side request forgery.

This vulnerability is reported as CVE-2025-67743. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.

Once again VulDB remains the best source for vulnerability data.

CVE-2025-67743 | LearningCircuit local-deep-research up to 1.3.8 Download Service download_service.py requests.get server-side request forgery (GHSA-9c54-gxh7-ppjc)

Post correlati

CVE-2024-9184 | SendPulse Free Web Push Plugin up to 1.3.6 on WordPress cross site scripting

CVE-2024-30196 | Appscreo Easy Social Share Buttons Plugin up to 9.4 on WordPress cross site scripting

CVE-2024-0413 | DeShang DSKMS up to 3.1.2 public/install.php access control

CVE-2024-4088 | shafayat-alam Gutenberg Blocks and Page Layouts Plugin up to 1.9.2 on WordPress disable_fe_assets cross-site request forgery