Platform
php
Component
neuron-core/neuron-ai
Fixed version
2.8.13
2.8.12
CVE-2025-67509 is a Remote Code Execution (RCE) vulnerability affecting versions of neuron-core/neuron-ai up to and including 2.8.9. This vulnerability allows attackers to potentially write arbitrary files to the database server, leading to complete system compromise. A fix is available in version 2.8.12, and users are strongly advised to upgrade immediately.
The MySQLSelectTool component, designed for read-only SQL queries, suffers from inadequate input validation. While intended to block malicious SQL commands, the validation mechanism fails to prevent file-writing constructs like INTO OUTFILE or INTO DUMPFILE. This flaw allows an attacker who can influence the tool's input – for example, through prompt injection in a public agent endpoint – to write arbitrary content to files on the database server. The severity of this vulnerability is amplified if the MySQL/MariaDB account possesses the FILE privilege and the server configuration permits writes to a publicly accessible directory, such as a web server's document root. Successful exploitation could lead to remote code execution, data exfiltration, and complete system takeover.
CVE-2025-67509 was published on 2025-12-09. Public proof-of-concept code is currently unknown, but the vulnerability's nature and the ease of prompt injection suggest a high likelihood of exploitation. The vulnerability's impact, combined with the potential for widespread deployment of neuron-core/neuron-ai, warrants careful attention. It is not currently listed on the CISA KEV catalog, but its severity and potential impact may lead to future inclusion.
Organizations deploying neuron-core/neuron-ai with publicly accessible agent endpoints are particularly at risk. This includes those utilizing the tool for LLM agent querying and those who have granted the MySQL/MariaDB account the FILE privilege. Shared hosting environments where multiple users share the same database server are also vulnerable, as a compromised agent could impact other users' data.
• php: Examine application logs for SQL queries containing INTO OUTFILE or INTO DUMPFILE.
• php: Use grep to search for instances of MySQLSelectTool in the codebase, particularly where user input is directly incorporated into SQL queries.
• generic web: Monitor web server access logs for requests containing suspicious SQL syntax or attempts to access files outside the intended scope.
• database (mysql): Execute SHOW GRANTS FOR 'yourmysqluser'@'%'; to verify the FILE privilege is not granted. If it is, revoke it with REVOKE FILE ON *.* FROM 'yourmysqluser'@'%'; (FILE is a global privilege, so the REVOKE uses *.* rather than a specific database).
disclosure
patch
Exploitation status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-67509 is to upgrade to neuron-core/neuron-ai version 2.8.12 or later, which includes the necessary input validation fixes. If immediate upgrading is not feasible, consider implementing temporary workarounds. Restrict the MySQL/MariaDB account's privileges, specifically revoking the FILE privilege. Configure the database server to prevent writes to publicly accessible directories. Implement a Web Application Firewall (WAF) or proxy to filter potentially malicious SQL queries, specifically targeting INTO OUTFILE and INTO DUMPFILE statements. After upgrading, confirm the fix by attempting a controlled injection of a SELECT ... INTO OUTFILE statement through the agent endpoint and verifying that the file write is blocked.
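The following is an added example, not code from the neuron-ai project: a small Python detector that serves both the log-review step above and the WAF/proxy filtering step. It normalises a query (strips MySQL comment forms, collapses whitespace, ignores case) before looking for INTO OUTFILE / INTO DUMPFILE, so a construct split by a comment or odd whitespace is still caught, and then runs over constructed general-log style lines. The log line format and the sample queries are assumptions for the demonstration.

```python
import re

# MySQL comment forms: /* ... */, "-- " to end of line, "#" to end of line.
_COMMENT_RE = re.compile(r"/\*.*?\*/|--\s[^\n]*|#[^\n]*", re.DOTALL)
# The file-writing constructs named in the advisory, matched after normalisation.
_FILE_WRITE_RE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\b", re.IGNORECASE)


def normalize_sql(sql: str) -> str:
    """Strip comments and collapse whitespace so tokens that were separated
    by a comment (e.g. INTO/**/OUTFILE) or by tabs/newlines become adjacent."""
    without_comments = _COMMENT_RE.sub(" ", sql)
    return re.sub(r"\s+", " ", without_comments).strip()


def has_file_write(sql: str) -> bool:
    """True if the (normalised) query contains INTO OUTFILE or INTO DUMPFILE.
    A string literal that happens to contain the words is also flagged; for a
    read-only tool, rejecting conservatively is the right trade-off. This check
    complements revoking the FILE privilege, it does not replace it."""
    return _FILE_WRITE_RE.search(normalize_sql(sql)) is not None


def scan_log(text: str) -> list[tuple[int, str]]:
    """Return (line_number, normalised_query) for each log line whose query
    contains a file-writing construct. Assumes general-log style lines of the
    form '<timestamp> <connection id> Query <sql>' (an assumption here)."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        _, sep, query = line.partition(" Query ")
        if sep and has_file_write(query):
            hits.append((n, normalize_sql(query)))
    return hits


# Constructed sample log lines for the demonstration; not real captured data.
SAMPLE_LOG = """\
2025-12-09T10:00:01Z 12 Query SELECT id, name FROM customers WHERE id = 42
2025-12-09T10:00:02Z 12 Query select * from users into outfile '/tmp/export.txt'
2025-12-09T10:00:03Z 13 Query SELECT 1 /* benign comment */ FROM dual
2025-12-09T10:00:04Z 13 Query SELECT name FROM t INTO/**/DUMPFILE '/tmp/blob'
2025-12-09T10:00:05Z 14 Query SELECT id FROM t -- into outfile is only a comment here
"""

if __name__ == "__main__":
    for line_no, query in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {query}")
```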
Upgrade to version 2.8.12 or later of the Neuron AI framework. This version fixes the vulnerability that allows arbitrary file writes on the MySQL/MariaDB server. The update prevents exploitation of the vulnerability through SQL code injection.
CVE-2025-67509 is a Remote Code Execution vulnerability in neuron-core/neuron-ai versions up to 2.8.9, allowing attackers to write files to the database server via prompt injection.
You are affected if you are using neuron-core/neuron-ai versions 2.8.9 or earlier and have a publicly accessible agent endpoint.
Upgrade to neuron-core/neuron-ai version 2.8.12 or later. As a temporary workaround, restrict the MySQL/MariaDB account's privileges and prevent writes to publicly accessible directories.
While no active exploitation has been confirmed, the vulnerability's nature and potential impact suggest a high likelihood of exploitation.
Refer to the neuron-core project's official website and GitHub repository for the latest security advisories and updates.