CVE-2025-67509

Name of the Vulnerable Software and Affected Versions Neuron versions 2.8.11 and below

Description Neuron is a PHP framework used for creating and orchestrating AI Agents. The framework utilizes MySQLSelectTool, which has a Read-Only Bypass issue. The tool’s validation, based on the first keyword (e.g., SELECT) and a forbidden-keyword list, does not prevent file-writing constructs like INTO OUTFILE or INTO DUMPFILE. An attacker influencing the tool’s input, such as through prompt injection via a public agent endpoint, may write arbitrary files to the database server if the MySQL/MariaDB account possesses the FILE privilege and the server configuration allows writes to a useful location, like a web-accessible directory.

Recommendations Update to version 2.8.12 or later.