CVE-2025-61679
📋 TL;DR
Anyquery versions 0.4.3 and below expose an unauthenticated HTTP server on localhost, which lets attackers with local access read private integration data such as emails without triggering foreign login warnings. This affects systems running vulnerable Anyquery versions where the HTTP server is enabled. Attackers need local network access to exploit this vulnerability.
💻 Affected Systems
- Anyquery
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers with local network access can exfiltrate sensitive integration data including emails, credentials, and other private information stored in Anyquery integrations without detection.
Likely Case
Malicious insiders or attackers who gain initial foothold on the network can access sensitive integration data through the unauthenticated HTTP interface.
If Mitigated
With proper network segmentation and access controls, only authorized users can reach the vulnerable service, limiting exposure.
🎯 Exploit Status
Exploitation requires network access to the vulnerable HTTP server port on localhost. No authentication is required to access the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.4.4
Vendor Advisory: https://github.com/julien040/anyquery/security/advisories/GHSA-5f7p-rhmq-hvc7
Restart Required: Yes
Instructions:
1. Stop Anyquery service.
2. Update to version 0.4.4 using package manager or manual installation.
3. Restart Anyquery service.
4. Verify the fix by checking version and testing access controls.
🔧 Temporary Workarounds
Disable HTTP Server
all: Disable the Anyquery HTTP server if not required for functionality
Stop the Anyquery service or disable HTTP server in configuration
Network Access Control
linux: Restrict network access to the Anyquery HTTP server port using firewall rules
iptables -A INPUT -p tcp --dport [ANYQUERY_PORT] -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport [ANYQUERY_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Anyquery instances from untrusted networks
- Monitor network traffic to the Anyquery HTTP port for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check if Anyquery version is 0.4.3 or below and HTTP server is accessible without authentication on localhost
Check Version:
anyquery --version or check package manager for installed version
Verify Fix Applied:
Verify version is 0.4.4 or higher and test that HTTP endpoints require proper authentication
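The version and listener checks above can be scripted. The following is an added example, not code from the advisory or the Anyquery project. It assumes the version output contains an x.y.z token, that the process is named "anyquery" in `ss` output, and it uses a constructed sample with a placeholder port.

```shell
#!/bin/sh
# Added example, not Anyquery project code. Sample data below is constructed.
FIXED="0.4.4"   # patch version given in the advisory

# First x.y.z token found in free-form version output.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeeds when version $1 is numerically lower than version $2.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # a.b.c x.y.z -> six positional fields
    IFS=$old_ifs
    [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return; }
    [ "$3" -lt "$6" ]
}

# Local addr:port of TCP listeners owned by a process named "anyquery".
# stdin: output of `ss -H -ltnp` (column 4 is the local address).
anyquery_listeners() {
    awk '$1 == "LISTEN" && /\("anyquery",/ { print $4 }'
}

# Of those, the ones reachable beyond loopback (not 127.0.0.0/8 or ::1).
non_loopback() {
    awk '$0 !~ /^(127\.|\[::1\])/'
}

# One-line verdict from version text ($1) and ss output ($2).
assess() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo "UNKNOWN version"; return 0; }
    version_lt "$ver" "$FIXED" || { echo "PATCHED $ver"; return 0; }
    all=$(printf '%s\n' "$2" | anyquery_listeners | tr '\n' ' ')
    ext=$(printf '%s\n' "$2" | anyquery_listeners | non_loopback | tr '\n' ' ')
    echo "VULNERABLE $ver listeners=[${all% }] non_loopback=[${ext% }]"
}

# Constructed sample input; the port number is a placeholder.
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:18080 0.0.0.0:* users:(("anyquery",pid=4211,fd=7))
LISTEN 0 4096 0.0.0.0:18080 0.0.0.0:* users:(("anyquery",pid=4211,fd=9))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))'

# Live use (needs privileges to see process names in ss output):
#   assess "$(anyquery --version 2>&1)" "$(ss -H -ltnp)"
assess "anyquery version 0.4.3" "$SAMPLE_SS"
```

A non-empty `non_loopback` list means the listener is bound beyond localhost, which is the case the firewall workaround above is meant to contain.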
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to Anyquery HTTP endpoints
- Access to integration data endpoints from unexpected sources
Network Indicators:
- HTTP requests to Anyquery port without authentication headers
- Traffic to integration data endpoints from unauthorized IPs
SIEM Query:
source="anyquery.log" AND (http_status=200 OR http_status=401) AND NOT user_agent="authenticated_client"