CVE-2025-67510

CVE-2025-67510 is a critical-severity security vulnerability in neuron-core/neuron-ai (composer), affecting versions <= 2.8.11. It is fixed in 2.8.12.

Summary

Workarounds

  • Do not enable MySQLWriteTool for public/untrusted agents.

  • Use a dedicated DB user with least privilege:

    • no DROP, no ALTER, no GRANT, no access to sensitive tables unless necessary

  • Add an application-layer policy rejecting high-risk statements (DROP, TRUNCATE, ALTER, GRANT, REVOKE, CREATE USER, etc.).

  • Implement authorization gating for tool calls (RBAC, allow tool use only for trusted operators).
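The workarounds above can be combined into one gate in front of the tool's database handle. The following is an added example written for this page, not code from the neuron-ai project; the class names SqlWritePolicy and GuardedWriter and the table names are assumptions. It strips comments, refuses stacked statements, allowlists INSERT and UPDATE against named tables, rejects the high-risk keywords listed above anywhere in the statement text, requires a WHERE on UPDATE, and requires values to arrive as bound parameters rather than inline literals:

```php
<?php
declare(strict_types=1);

// Added example for this page, not neuron-ai project code. SqlWritePolicy, GuardedWriter and
// the table names are assumptions. Requires PHP 8.0+ (str_contains, promoted constructors).
final class SqlWritePolicy
{
    /** Statement kinds the agent may issue at all; everything else is denied by default. */
    private const ALLOWED_LEADING = ['INSERT', 'UPDATE'];

    /** Rejected anywhere in the statement, even inside an otherwise-allowed INSERT/UPDATE. */
    private const FORBIDDEN = [
        'DROP', 'TRUNCATE', 'ALTER', 'GRANT', 'REVOKE', 'CREATE', 'DELETE',
        'RENAME', 'LOAD', 'OUTFILE', 'DUMPFILE', 'CALL', 'SHUTDOWN', 'KILL',
    ];

    /** @param list<string> $allowedTables tables the agent may write to (assumed schema) */
    public function __construct(private array $allowedTables) {}

    /** @throws InvalidArgumentException when the statement violates policy */
    public function assertAllowed(string $sql): void
    {
        // 1. Strip comments so keywords cannot hide behind /* */, -- or # sequences.
        $clean = preg_replace('~/\*.*?\*/~s', ' ', $sql) ?? '';
        $clean = preg_replace('~(--|#)[^\n]*~', ' ', $clean) ?? '';
        // 2. Exactly one statement: drop a trailing ';', then refuse any other ';'.
        $clean = rtrim(trim($clean), "; \t\r\n");
        if ($clean === '' || str_contains($clean, ';')) {
            throw new InvalidArgumentException('exactly one statement is allowed');
        }
        // 3. Values must arrive as bound parameters; inline literals are refused, so a forbidden
        //    keyword can never be excused as "just data inside a string".
        if (preg_match('~[\'"]~', $clean)) {
            throw new InvalidArgumentException('pass values as bound parameters, not inline literals');
        }
        // 4. Allowlist the statement kind by its first keyword.
        preg_match('~^(\w+)~', $clean, $m);
        $leading = strtoupper($m[1] ?? '');
        if (!in_array($leading, self::ALLOWED_LEADING, true)) {
            throw new InvalidArgumentException("statement kind '{$leading}' is not allowed");
        }
        // 5. Deny high-risk keywords anywhere, e.g. INSERT ... SELECT ... INTO OUTFILE.
        foreach (self::FORBIDDEN as $kw) {
            if (preg_match('~\b' . $kw . '\b~i', $clean)) {
                throw new InvalidArgumentException("forbidden keyword {$kw}");
            }
        }
        // 6. The target table must be allowlisted.
        $pattern = $leading === 'INSERT'
            ? '~^INSERT\s+(?:IGNORE\s+)?INTO\s+`?(\w+)`?~i'
            : '~^UPDATE\s+`?(\w+)`?~i';
        if (!preg_match($pattern, $clean, $t) || !in_array($t[1], $this->allowedTables, true)) {
            throw new InvalidArgumentException('target table is not allowlisted');
        }
        // 7. An UPDATE without WHERE rewrites the whole table; treat it as destructive.
        if ($leading === 'UPDATE' && !preg_match('~\bWHERE\b~i', $clean)) {
            throw new InvalidArgumentException('UPDATE must carry a WHERE clause');
        }
    }
}

final class GuardedWriter
{
    // Build the PDO with PDO::ATTR_EMULATE_PREPARES => false and PDO::MYSQL_ATTR_MULTI_STATEMENTS
    // => false so the server-side prepare is a second barrier against stacked statements.
    public function __construct(private PDO $pdo, private SqlWritePolicy $policy) {}

    /** @param list<mixed> $params bound values; returns the affected row count */
    public function execute(string $sql, array $params = []): int
    {
        $this->policy->assertAllowed($sql); // the policy runs before prepare(), not after
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->rowCount();
    }
}

// Constructed sample statements of the kind a prompt-injected agent might emit.
$policy = new SqlWritePolicy(['orders', 'order_notes']);
$samples = [
    'INSERT INTO orders (customer_id, total) VALUES (?, ?)',
    'UPDATE orders SET status = ? WHERE id = ?;',
    'UPDATE orders SET status = ?',                                 // whole-table rewrite
    'DROP TABLE orders',                                            // statement kind denied
    'INSERT INTO users (name) VALUES (?)',                          // table not allowlisted
    'UPDATE orders SET status = ? WHERE id = ?; DROP TABLE orders', // stacked statement
    "UPDATE orders SET status = 'paid' WHERE id = ?",               // inline literal
    'INSERT INTO orders (total) SELECT 1 INTO /**/OUTFILE x',       // keyword behind a comment
];
foreach ($samples as $sql) {
    try { $policy->assertAllowed($sql); echo "ALLOW   {$sql}\n"; }
    catch (InvalidArgumentException $e) { echo "REJECT  {$sql}  ({$e->getMessage()})\n"; }
}
```

A keyword filter over SQL text is coarse: it cannot reason about MySQL's full grammar and it will, for instance, reject a legitimate column named load. It therefore belongs in front of least privilege, not instead of it. Give the tool's connection an account that holds only what the allowlisted statements need, for example (assumed names) GRANT INSERT, UPDATE ON app.orders TO 'agent_writer'@'%'; then the server itself refuses DROP, ALTER and GRANT even if the policy is bypassed.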

Impact

MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. Prepared statements only protect the values bound into a fixed query; when the statement text itself comes from an untrusted party, parameterization offers no protection against what that statement does.

This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions).

Who is impacted: Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges.

CVE-2025-67510 has a CVSS score of 9.4 (Critical). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.8.12); upgrading removes the vulnerable code path.

Affected versions

neuron-core/neuron-ai (<= 2.8.11)

Security releases

neuron-core/neuron-ai → 2.8.12 (composer)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Last unpatched release: 2.8.11. Upgrade to 2.8.12 or later.

Recommended improvements (even if keeping the tool intentionally powerful):

  • Provide a safer API that supports only constrained operations (e.g., insertRecord, updateRecord) with allowlisted tables/columns.

  • Add a policy/allowlist layer (e.g., allow only INSERT/UPDATE on selected tables; forbid DROP/TRUNCATE/ALTER/GRANT).

  • Add optional review workflow: log + require human approval for high-risk statements; or “dry-run” mode.

  • Document strongly that the tool must not be exposed to untrusted prompts without additional safeguards.
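A safer API of the kind the first two bullets describe, as an added example for this page (not neuron-ai code; ConstrainedWriteTool, insertRecord, updateRecord and the orders schema are assumptions). The agent chooses a table, columns and values from an allowlist; the class compiles the INSERT or UPDATE itself with quoted identifiers and bound values, requires a WHERE for updates, and routes every write through an optional review hook or dry-run mode as the third bullet suggests:

```php
<?php
declare(strict_types=1);

// Added example for this page, not neuron-ai project code. Class, method, table and column
// names are assumptions. The agent never supplies SQL text: it names a table, columns and
// values, and this class compiles a parameterized statement from an allowlist. PHP 8.0+.
final class ConstrainedWriteTool
{
    public function __construct(
        private PDO $pdo,
        private array $schema,            // table => list of writable columns (assumed schema)
        private bool $dryRun = false,     // compile and return the statement without executing it
        private ?Closure $approve = null, // fn(string $sql, array $params): bool; false blocks the write
    ) {}

    /** @param array<string, mixed> $values column => value */
    public function insertRecord(string $table, array $values): array
    {
        $cols = $this->checkColumns($table, $values);
        $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
            $this->quote($table),
            implode(', ', array_map(fn (string $c) => $this->quote($c), $cols)),
            implode(', ', array_fill(0, count($cols), '?')));
        return $this->run($sql, array_values($values));
    }

    /** @param array<string, mixed> $where column => required value (equality only, never empty) */
    public function updateRecord(string $table, array $values, array $where): array
    {
        if ($where === []) {
            throw new InvalidArgumentException('updateRecord requires at least one WHERE condition');
        }
        $assign = fn (string $c): string => $this->quote($c) . ' = ?';
        $sql = sprintf('UPDATE %s SET %s WHERE %s',
            $this->quote($table),
            implode(', ', array_map($assign, $this->checkColumns($table, $values))),
            implode(' AND ', array_map($assign, $this->checkColumns($table, $where))));
        return $this->run($sql, [...array_values($values), ...array_values($where)]);
    }

    /** @return list<string> the validated column names, in input order */
    private function checkColumns(string $table, array $values): array
    {
        if (!isset($this->schema[$table])) {
            throw new InvalidArgumentException("table {$table} is not allowlisted");
        }
        if ($values === []) {
            throw new InvalidArgumentException('no columns supplied');
        }
        foreach (array_keys($values) as $c) {
            if (!is_string($c) || !in_array($c, $this->schema[$table], true)) {
                throw new InvalidArgumentException("column {$c} is not writable on {$table}");
            }
        }
        return array_keys($values);
    }

    private function quote(string $ident): string
    {
        return '`' . str_replace('`', '``', $ident) . '`'; // already allowlisted; defence in depth
    }

    /** @return array{sql: string, params: list<mixed>, rows: ?int} */
    private function run(string $sql, array $params): array
    {
        if ($this->approve !== null && !($this->approve)($sql, $params)) {
            throw new RuntimeException('write rejected by reviewer');
        }
        if ($this->dryRun) {
            return ['sql' => $sql, 'params' => $params, 'rows' => null];
        }
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return ['sql' => $sql, 'params' => $params, 'rows' => $stmt->rowCount()];
    }
}

// Demo against an in-memory SQLite database, constructed here so the example runs without a
// MySQL server (SQLite accepts the same backtick-quoted identifiers and ? placeholders).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, status TEXT)');
$tool = new ConstrainedWriteTool(
    $pdo,
    ['orders' => ['customer_id', 'status']],
    // Review hook: here it only logs; a real gate would hold the write for human approval.
    approve: fn (string $sql, array $p): bool => error_log("AUDIT {$sql} " . json_encode($p)),
);
print_r($tool->insertRecord('orders', ['customer_id' => 42, 'status' => 'new']));
print_r($tool->updateRecord('orders', ['status' => 'paid'], ['customer_id' => 42]));

foreach ([
    fn () => $tool->insertRecord('users', ['name' => 'x']),        // table not allowlisted
    fn () => $tool->updateRecord('orders', ['status' => 'x'], []), // whole-table rewrite
    fn () => $tool->insertRecord('orders', ['status`) VALUES (1); DROP TABLE orders; --' => 1]),
] as $bad) {
    try { $bad(); } catch (InvalidArgumentException $e) { echo "REJECT: {$e->getMessage()}\n"; }
}
```

Because the model never hands over statement text, there is nothing to filter: DROP, TRUNCATE, GRANT or a stacked query cannot be expressed through this interface at all, and a hostile column name fails the allowlist before any SQL is built. Set dryRun to true to have the tool return the compiled SQL and parameters for a human to review instead of executing them.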

Frequently Asked Questions

  1. What is CVE-2025-67510? CVE-2025-67510 is a critical-severity security vulnerability in neuron-core/neuron-ai (composer), affecting versions <= 2.8.11. It is fixed in 2.8.12.
  2. How severe is CVE-2025-67510? CVE-2025-67510 has a CVSS score of 9.4 (Critical). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of neuron-core/neuron-ai are affected by CVE-2025-67510? neuron-core/neuron-ai (composer) versions <= 2.8.11 are affected.
  4. Is there a fix for CVE-2025-67510? Yes. CVE-2025-67510 is fixed in 2.8.12. Upgrade to this version or later.
  5. Is CVE-2025-67510 exploitable, and should I be worried? Whether CVE-2025-67510 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2025-67510 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2025-67510? Upgrade neuron-core/neuron-ai to 2.8.12 or later.

Other vulnerabilities in neuron-core/neuron-ai

CVE-2025-67509
