CVE-2025-67743 is a Server-Side Request Forgery (SSRF) vulnerability identified in the LearningCircuit product local-deep-research, specifically affecting versions from 1.3.0 up to but not including 1.3.9. The vulnerability stems from the download_service.py component making HTTP requests using raw requests.get() calls without leveraging the application's built-in SSRF protections implemented in safe_requests.py. This design flaw allows an attacker who can interact with the API to submit crafted URLs that the server will fetch, potentially accessing internal network resources that are otherwise inaccessible externally. Critical targets include cloud provider metadata endpoints such as those from AWS, Google Cloud Platform, and Microsoft Azure, which can expose sensitive credentials or configuration data. The vulnerability requires the attacker to have at least low-level privileges to interact with the API but does not require user interaction beyond that. The attack complexity is high due to the need to craft specific requests and potentially bypass surrounding network controls. The vulnerability impacts confidentiality by exposing sensitive internal resources but does not affect integrity or availability directly. The issue was publicly disclosed on December 23, 2025, with a CVSS v3.1 base score of 6.3, categorized as medium severity. No known exploits have been reported in the wild, but the risk remains significant due to the potential exposure of cloud metadata services. The vendor addressed the vulnerability in version 1.3.9 by ensuring all HTTP requests utilize the safe_requests.py protections to prevent SSRF attacks.

For European organizations, this SSRF vulnerability poses a significant risk to confidentiality, particularly for those deploying local-deep-research in environments with access to sensitive internal services or cloud infrastructure. Exploitation could lead to unauthorized disclosure of cloud metadata, which often contains temporary credentials or tokens that can be leveraged for lateral movement or privilege escalation within cloud environments. This is especially critical for organizations relying on AWS, GCP, or Azure, as exposure of metadata endpoints can compromise entire cloud workloads. Internal network reconnaissance enabled by SSRF can also facilitate further attacks against internal services, increasing the attack surface. Given the AI assistant's role in research, organizations in sectors such as academia, finance, healthcare, and government may be targeted due to the sensitivity of their data and research outputs. The medium CVSS score reflects moderate ease of exploitation combined with significant confidentiality impact. The absence of known exploits reduces immediate risk but does not eliminate it, especially as attackers may develop exploits post-disclosure. Failure to patch or mitigate this vulnerability could lead to data breaches, regulatory non-compliance under GDPR, and reputational damage.

European organizations should immediately upgrade local-deep-research to version 1.3.9 or later, where the SSRF vulnerability has been patched. If immediate upgrading is not feasible, implement strict network egress filtering to block outbound HTTP requests from the application server to internal IP ranges and cloud metadata IP addresses (e.g., 169.254.169.254 for AWS). Employ application-layer firewall rules or API gateways to validate and sanitize URLs submitted to the download service, ensuring only trusted domains are reachable. Conduct thorough code reviews and penetration testing focusing on SSRF vectors within the application. Monitor logs for unusual outbound requests or access patterns indicative of SSRF exploitation attempts. Additionally, restrict API access to trusted users and enforce strong authentication and authorization controls to limit the attack surface. For cloud environments, implement metadata service protections such as AWS IMDSv2 or equivalent to reduce risk from SSRF attacks. Finally, maintain an incident response plan tailored to SSRF exploitation scenarios.