CVE-2025-64318
In short
A security flaw in Salesforce Mulesoft Anypoint Code Builder allows attackers to manipulate configuration files by injecting malicious commands into prompts. This could let unauthorized users alter system settings or gain control over application behavior.
Technical detail
Improper neutralization of LLM prompts (CWE-1427) in Mulesoft Anypoint Code Builder before 1.12.1 enables prompt injection attacks that permit modification of writable configuration files. The vulnerability requires user interaction with crafted prompts and allows attackers to alter critical application configurations.
Summary generated and translated by AI from the official description.
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Salesforce · Mulesoft Anypoint Code Builder