CVE-2025-61679: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in julien040 anyquery
Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the HTTP server on its port without authentication and access private integration data like emails, without any warning of a foreign login from the provider. This issue is fixed in version 0.4.4.
AI Analysis
Technical Summary
CVE-2025-61679 is a high-severity vulnerability affecting versions 0.4.3 and below of 'anyquery', an SQL query engine built on top of SQLite developed by julien040. The vulnerability arises from an unauthenticated HTTP server interface that listens on a localhost port. Attackers who have already gained access to the localhost environment, even with low privileges, can exploit this flaw to query the HTTP server without authentication. This allows unauthorized actors to retrieve sensitive integration data such as email addresses. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information) and CWE-287 (Improper Authentication), indicating that sensitive data is exposed due to missing or inadequate authentication controls. The issue does not require user interaction and can be exploited with low attack complexity, but it does require prior access to the localhost environment. The vulnerability does not impact availability but has a high impact on confidentiality and integrity, as attackers can access and potentially manipulate sensitive data. The flaw was addressed in version 0.4.4 of anyquery, which implements proper authentication mechanisms to prevent unauthorized access to the HTTP server interface. No known exploits are currently reported in the wild, but the vulnerability's presence in a query engine that may be used in integration scenarios makes it a significant risk if left unpatched.
Potential Impact
For European organizations, this vulnerability poses a significant risk particularly to those using anyquery versions prior to 0.4.4 in their internal data processing or integration workflows. Exposure of sensitive information such as emails can lead to privacy violations under GDPR, resulting in regulatory penalties and reputational damage. Attackers with low-privilege access to localhost could escalate their access by leveraging this vulnerability to extract confidential data, potentially facilitating further attacks such as phishing or lateral movement within the network. Organizations in sectors with strict data protection requirements (e.g., finance, healthcare, government) are especially vulnerable. The lack of authentication on the HTTP server interface means that even limited internal compromise can lead to significant data exposure. While the vulnerability requires prior localhost access, this is a common scenario in multi-user systems or environments where containerized or virtualized services run. Therefore, the impact extends beyond direct attackers to include insider threats or compromised internal systems.
Mitigation Recommendations
European organizations should immediately upgrade anyquery to version 0.4.4 or later to ensure the vulnerability is patched. In addition to patching, organizations should restrict access to localhost services by implementing strict network segmentation and host-based firewall rules that limit which processes and users can access the anyquery HTTP server port. Employing application-level access controls and monitoring localhost traffic for unusual query patterns can help detect exploitation attempts. It is also advisable to audit and minimize the number of users and processes with localhost access privileges to reduce the attack surface. Regularly reviewing integration points and sensitive data flows involving anyquery will help identify and mitigate potential data exposure. Finally, organizations should ensure that sensitive data such as emails are encrypted at rest and in transit within internal systems to reduce the impact of any unauthorized access.
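The audit of localhost exposure recommended above can start from the kernel's socket table. The following is an added example, not code from anyquery or from this advisory: it parses `/proc/net/tcp`-format text and lists TCP listeners bound to loopback together with their owning UID. The sample table and port 8080 are constructed; the advisory does not state which port anyquery uses.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Port 0x1F90 (8080) stands in for the anyquery HTTP port, which is an assumption.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40002
   2: 0100007F:1F90 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000  1000        0 40003
   3: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 40004
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(hex_addr):
    """Turn '0100007F:1F90' into ('127.0.0.1', 8080)."""
    ip_hex, port_hex = hex_addr.split(":")
    # The address is printed as a host-order 32-bit word; little-endian host assumed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def loopback_listeners(table_text):
    """Return LISTEN sockets bound to 127.0.0.0/8 with their owning UID."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or int(fields[3], 16) != TCP_LISTEN:
            continue  # short line, or a socket that is not listening
        ip, port = decode_addr(fields[1])
        if ip.startswith("127."):
            found.append({"ip": ip, "port": port,
                          "uid": int(fields[7]), "inode": int(fields[9])})
    return found


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on Linux
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample
    for sock in loopback_listeners(table):
        print(f"{sock['ip']}:{sock['port']} owned by uid {sock['uid']} (inode {sock['inode']})")
```

The owning UID identifies which account runs each loopback service, which is the starting point for deciding which users a host-based firewall rule should allow to reach that port.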
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-29T20:25:16.181Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e0416dfe629daf7734019d
Added to database: 10/3/2025, 9:34:37 PM
Last enriched: 10/3/2025, 9:34:57 PM
Last updated: 10/3/2025, 10:06:37 PM