CVE-2025-10875

CVSS 6.5 MEDIUM | EPSS 0.2% | CWE-1427

In short

Salesforce Mulesoft Anypoint Code Builder versions before 1.11.6 fail to properly sanitize user input when creating LLM prompts, allowing attackers to inject malicious code through specially crafted inputs.

Technical detail

This CWE-1427 vulnerability involves improper neutralization of LLM prompt inputs in Anypoint Code Builder, enabling code injection attacks. An attacker can craft malicious input that bypasses prompt sanitization to execute unauthorized code within the LLM context, affecting versions prior to 1.11.6.

Summary generated and translated by AI from the official description.
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection. This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
