Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

INFO

Published Date :

2025-12-10T22:55:21.253Z

Last Modified :

2025-12-11T15:37:39.220Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67510 vulnerability.

Vendors Products
Neuron-core
  • Neuron-ai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67510.

URL Resource
https://github.com/neuron-core/neuron-ai/commit/44bab85d92bf162898ee48d0bcef6ba0d29b59c9 cve-icon cve-icon
https://github.com/neuron-core/neuron-ai/releases/tag/2.8.12 cve-icon cve-icon
https://github.com/neuron-core/neuron-ai/security/advisories/GHSA-898v-775g-777c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact