CVE-2025-67509
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2026-03-06

Assigner: GitHub, Inc.

Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2025-12-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67509
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
neuron-ai neuron to 2.8.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Neuron PHP framework versions 2.8.11 and below, specifically in the MySQLSelectTool component. The tool is intended to be read-only for SQL queries, but its validation only checks the first keyword and a forbidden-keyword list, which does not prevent file-writing SQL constructs like INTO OUTFILE or INTO DUMPFILE. An attacker who can influence the input to this tool, for example through prompt injection on a public agent endpoint, may exploit this to write arbitrary files to the database server if the MySQL/MariaDB account has the FILE privilege and the server configuration allows writing to locations such as web-accessible directories. This vulnerability is fixed in version 2.8.12.

Impact Analysis

This vulnerability can allow an attacker to write arbitrary files to the database server, potentially to locations accessible via the web. This could lead to unauthorized file creation, modification, or even remote code execution if malicious files are placed in executable directories. The impact includes loss of data integrity and confidentiality, and it may allow attackers to compromise the server or escalate privileges.

Mitigation Strategies

Upgrade Neuron to version 2.8.12 or later, where the vulnerability is fixed. Additionally, restrict or remove the FILE privilege from MySQL/MariaDB accounts used by the application to prevent arbitrary file writes. Review server configuration to ensure that writing files to web-accessible directories is not permitted.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67509. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart