AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-67510: Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool exe

criticalvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseDecember 10, 2025CVE-2025-67510

Summary

Neuron is a PHP framework for creating AI agents that can perform tasks, and versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool component. The tool runs database commands without checking if they're safe, allowing attackers to use prompt injection (tricking the AI by hiding instructions in its input) to execute harmful SQL commands like deleting entire tables or changing permissions if the database user has broad access rights.

Solution / Mitigation

Update to version 2.8.12, which fixes this issue.

Vulnerability Details

CVSS Score

9.4(critical)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack Type

Prompt InjectionRAG Poisoning

Attack SophisticationModerate

Impact (CIA+S)

integrity

Taxonomy References

CWE (Weakness Type)

CWE-250 CWE-284

Affected Vendors

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%