CVE-2025-61679: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in julien040 anyquery
Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the HTTP server on its port without authenticating and access private integration data such as emails, without the provider raising any foreign-login warning. This issue is fixed in version 0.4.4.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-61679 affects anyquery, an SQL query engine built on SQLite, specifically versions 0.4.3 and earlier. The core issue is an exposure of sensitive information (CWE-200) through an unauthenticated HTTP server interface that anyquery exposes on localhost. Attackers who have already gained local access to the host, even with minimal privileges, can connect to this HTTP server without authentication and retrieve private integration data such as emails. The vulnerability also involves improper authentication (CWE-287): the HTTP server does not require credentials, and the access triggers no foreign-login warning from the integration provider. This flaw allows unauthorized actors to bypass intended access restrictions and extract confidential data, potentially leading to privacy breaches or further attacks. The vulnerability does not require user interaction and does not affect availability, but it has a high impact on confidentiality and integrity. The CVSS 3.1 base score is 7.7 (high severity), with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high confidentiality and integrity impacts (C:H/I:H/A:N). No known exploits are reported in the wild as of the publication date. The issue is resolved in anyquery version 0.4.4.
Potential Impact
For European organizations, this vulnerability poses a significant risk to confidentiality and integrity of sensitive data managed by anyquery, especially integration data like emails that may be critical for business operations or contain personal information protected under GDPR. Unauthorized access to such data could lead to data breaches, regulatory penalties, loss of customer trust, and potential lateral movement within compromised networks. Since exploitation requires local access, the threat is particularly relevant in environments where multiple users share systems, or where attackers can gain footholds via other vulnerabilities or insider threats. Organizations relying on anyquery for data integration or query services may face exposure of sensitive internal data, which could be leveraged for phishing, social engineering, or further compromise. The lack of authentication and alerting increases the stealthiness of the attack, complicating detection and response efforts.
Mitigation Recommendations
European organizations should immediately upgrade anyquery installations to version 0.4.4 or later to remediate this vulnerability. Additionally, restrict local access to systems running anyquery by enforcing strict user permissions and network segmentation to limit who can connect to localhost services. Implement host-based intrusion detection systems (HIDS) to monitor unusual local HTTP connections and access patterns. Regularly audit and harden configurations to ensure no unnecessary services are exposed without authentication. Employ application whitelisting and endpoint protection to prevent unauthorized code execution that could lead to local access. Finally, conduct security awareness training to reduce insider threats and monitor logs for signs of suspicious activity related to anyquery or its HTTP interface.
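An added example (not from the advisory or the anyquery project) of the local-connection monitoring recommended above: it parses Linux `/proc/net/tcp`-format rows and flags established loopback connections whose client UID differs from the listener's UID. The sample table, the UIDs and port 8080 are constructed placeholders (the advisory does not state anyquery's port), and a little-endian host is assumed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp layout (columns after inode omitted).
# Port 0x1F90 (8080) and UIDs 1000/1001 are placeholders, not anyquery values.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41234
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111
   2: 0100007F:1F90 0100007F:D2F4 01 00000000:00000000 00:00000000 00000000  1000        0 41301
   3: 0100007F:D2F4 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 41300
"""

TCP_ESTABLISHED, TCP_LISTEN = 0x01, 0x0A

def _addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 bytes are little-endian (assumed host order)."""
    ip_hex, port_hex = field.split(":")
    return ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)

def parse(table):
    """Turn /proc/net/tcp text into dicts with addresses, state and owning UID."""
    rows = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        (lip, lport), (rip, rport) = _addr(f[1]), _addr(f[2])
        rows.append({"lip": lip, "lport": lport, "rip": rip, "rport": rport,
                     "state": int(f[3], 16), "uid": int(f[7])})
    return rows

def loopback_listeners(rows):
    """Map port -> owning UID for sockets listening on 127.0.0.0/8."""
    return {r["lport"]: r["uid"] for r in rows
            if r["state"] == TCP_LISTEN and r["lip"].is_loopback}

def cross_user_clients(rows):
    """Established loopback connections whose client UID is not the listener's."""
    owners = loopback_listeners(rows)
    hits = []
    for r in rows:
        if r["state"] != TCP_ESTABLISHED or not r["rip"].is_loopback:
            continue
        owner = owners.get(r["rport"])           # r is the client-side socket
        if owner is not None and owner != r["uid"]:
            hits.append({"port": r["rport"], "listener_uid": owner, "client_uid": r["uid"]})
    return hits

if __name__ == "__main__":
    print(cross_user_clients(parse(SAMPLE_PROC_NET_TCP)))
```

On a live Linux host, pass the contents of `/proc/net/tcp` to `parse` instead of the sample; a hit means a process running as a different user is connected to another user's loopback service.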
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-29T20:25:16.181Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e0416dfe629daf7734019d
Added to database: 10/3/2025, 9:34:37 PM
Last enriched: 10/10/2025, 9:49:17 PM
Last updated: 11/16/2025, 7:46:45 AM