{"data":{"id":"80b31b18-7db9-46a6-9d1a-ed808317fef4","title":"CVE-2025-10875: Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allow","summary":"CVE-2025-10875 is a vulnerability in Salesforce Mulesoft Anypoint Code Builder that allows improper neutralization of input used for LLM prompting (a technique where attackers manipulate AI system instructions through user input), leading to code injection (inserting malicious code into a system). This vulnerability affects versions of the software before 1.11.6.","solution":"Update Mulesoft Anypoint Code Builder to version 1.11.6 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-10875","publishedAt":"2025-11-04T19:17:09.160Z","cveId":"CVE-2025-10875","cweIds":["CWE-94"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Salesforce Mulesoft Anypoint Code Builder"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00073,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}