Home > Vulnerability Database > CVE-2025-67510

Mend.io Vulnerability Database

CVE-2025-67510

Good to know:

Date: December 10, 2025

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Severity Score

9.4

Related Resources (6)

Url: https://github.com/neuron-core/neuron-ai/security/advisories/GHSA-898v-775g-777c

Url: https://github.com/neuron-core/neuron-ai

Url: https://github.com/neuron-core/neuron-ai/releases/tag/2.8.12

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67510

Url: https://github.com/neuron-core/neuron-ai/commit/44bab85d92bf162898ee48d0bcef6ba0d29b59c9

Url: https://www.mend.io/vulnerability-database/CVE-2025-67510

Severity Score

9.4

Weakness Type (CWE)

Improper Access Control

CWE-284

Execution with Unnecessary Privileges

CWE-250

Top Fix

Upgrade Version

Upgrade to version neuron-core/neuron-ai - 2.8.12

Learn More

CVSS v3.1

Base Score:	9.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67510

Good to know:

Date: December 10, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?