CVE-2025-67510

CRITICAL
Published Dec 10, 2025 Modified Mar 6, 2026 CWE-250 CWE-284

Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

CVSS v3.1 Score

9.4
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Weakness Type (CWE)

CWE-250 CWE-250
CWE-284 CWE-284

Affected Products

Vendor Product
neuron-ai neuron

References

Frequently Asked Questions

What is CVE-2025-67510? +
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12. It has a CVSS v3.1 base score of 9.4 (CRITICAL).
How severe is CVE-2025-67510? +
CVE-2025-67510 has a CVSS v3.1 score of 9.4 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-67510? +
CVE-2025-67510 affects products from neuron-ai, specifically: neuron. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-67510? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-67510 — free, no signup required.

Start Free Scan