PT-2025-50556 · Neuron · Neutron

Published: 2025-12-10 · Updated: 2025-12-11 · CVE-2025-67510
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Neuron versions prior to 2.8.12
Description: The PHP agent framework Neuron ships a MySQLWriteTool that passes whatever SQL text the caller supplies straight to PDO::prepare() and execute(), with no restriction on the kind of statement. Executing caller-supplied write queries is what the tool is for, but in an AI agent the caller is the language model, and prepared statements give no protection when the whole statement, not just its parameter values, comes from the model. Prompt injection or indirect prompt manipulation (instructions planted in content the agent reads) can therefore steer the agent into issuing destructive statements such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements, bounded only by the permissions of the database user the tool connects as. Deployments that expose an agent with MySQLWriteTool enabled to untrusted input, or that run the tool under a database account with broad privileges, are affected.
Recommendations: Update to version 2.8.12 or later. Independently of the upgrade, connect the tool with a database user that holds only the DML privileges the agent actually needs, since the impact described above is bounded by that account's permissions.
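The following is an added illustration, not Neuron's code and not the project's fix. It reproduces the pattern the description attributes to MySQLWriteTool (model-supplied SQL handed to PDO::prepare()/execute() unchanged) next to a hypothetical guard that classifies the leading statement verb and allow-lists only INSERT and UPDATE. All function names are inventions; it assumes PHP 8.0 or later and the PDO SQLite driver, with an in-memory SQLite database standing in for MySQL so it runs offline. The two "model outputs" are constructed for the demonstration.

```php
<?php
// Added illustration; not Neuron's code. Shows why PDO::prepare()/execute() offers no
// protection when the whole statement is model-supplied, and a hypothetical guard that
// allow-lists statement types before execution. The function names are inventions.
declare(strict_types=1);

// Stand-in for the vulnerable pattern described in the advisory: the SQL the caller
// (here, the language model) produces is prepared and executed unchanged. Binding
// parameters would not help, because the statement itself is attacker-influenced.
function naiveWrite(PDO $pdo, string $sql): int
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute();
    return $stmt->rowCount();
}

// Return the leading SQL keyword, skipping whitespace and comments so that
// "/* cleanup */ DROP TABLE ..." is classified as DROP rather than waved through.
function statementVerb(string $sql): string
{
    $lead = '~\A(?:\s+|/\*.*?\*/|--[^\n]*\n?|#[^\n]*\n?)*~s';
    $body = preg_replace($lead, '', $sql, 1) ?? '';
    return preg_match('~\A([A-Za-z]+)~', $body, $m) === 1 ? strtoupper($m[1]) : '';
}

// Hypothetical guard: only the DML verbs a write tool legitimately needs are allowed;
// DDL, DELETE and privilege statements are refused, as is anything that looks like a
// second statement. A semicolon inside a string literal is also refused (fail closed).
function guardedWrite(PDO $pdo, string $sql): int
{
    $allowed = ['INSERT', 'UPDATE'];
    $single  = rtrim($sql, " \t\r\n;");
    if (str_contains($single, ';')) {
        throw new InvalidArgumentException('Refusing multi-statement SQL');
    }
    $verb = statementVerb($single);
    if (!in_array($verb, $allowed, true)) {
        throw new InvalidArgumentException("Refusing statement type '$verb'");
    }
    return naiveWrite($pdo, $single);
}

// Run one tool against the same constructed model output and report what happened.
// In-memory SQLite stands in for MySQL; the statements used are valid in both.
function demo(callable $tool): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, note TEXT)');
    $pdo->exec("INSERT INTO orders (note) VALUES ('seed')");

    // Constructed examples: a legitimate update, then the kind of statement an indirect
    // prompt injection (instructions hidden in a document the agent read) could elicit.
    $modelOutputs = [
        "UPDATE orders SET note = 'processed' WHERE id = 1",
        '/* cleanup */ DROP TABLE orders',
    ];

    $log = [];
    foreach ($modelOutputs as $sql) {
        try {
            $tool($pdo, $sql);
            $log[] = 'executed: ' . $sql;
        } catch (InvalidArgumentException $e) {
            $log[] = 'refused: ' . $e->getMessage();
        }
    }
    $tables = $pdo->query("SELECT name FROM sqlite_master WHERE type = 'table'")
                  ->fetchAll(PDO::FETCH_COLUMN);
    $log[] = in_array('orders', $tables, true) ? 'orders table intact' : 'orders table gone';
    return $log;
}

// The naive tool executes both statements and loses the table; the guarded tool
// executes the UPDATE and refuses the DROP.
print_r(demo('naiveWrite'));
print_r(demo('guardedWrite'));
```

The regex classification is deliberately simple and fails closed; a production guard should use a real SQL parser, and either way the database account is the backstop: a user granted only SELECT, INSERT and UPDATE on the application schema cannot drop or alter tables even if a guard is bypassed, which is exactly the dependency on "the database user's permissions" the description calls out.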

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2025-67510
GHSA-898V-775G-777C

Affected Products

Neutron