{"data":{"id":"5a5bff0e-b378-46bd-ad79-6bb08e1497e8","title":"CVE-2025-67509: Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which","summary":"Neuron is a PHP framework for building AI agents that can query databases. Versions 2.8.11 and below have a flaw in MySQLSelectTool, a component meant to let AI agents safely read from databases. The tool only checks that a statement starts with SELECT and blocks certain keywords, but it misses SQL constructs such as INTO OUTFILE that write files to disk. An attacker could use prompt injection (tricking an AI by hiding instructions in its input) through a public agent endpoint to write files on the database server, provided the database account the tool uses has permission to write files.","solution":"Fixed in version 2.8.12.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-67509","publishedAt":"2025-12-10T23:15:48.823Z","cveId":"CVE-2025-67509","cweIds":["CWE-94"],"cvssScore":"8.2","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Neuron"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00063,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}