CVE-2025-10875
📋 TL;DR
This vulnerability allows attackers to inject malicious code through improperly sanitized input used for LLM prompting in Salesforce Mulesoft Anypoint Code Builder. Successful exploitation could lead to arbitrary code execution within the application context. Organizations using Mulesoft Anypoint Code Builder versions before 1.11.6 are affected.
💻 Affected Systems
- Salesforce Mulesoft Anypoint Code Builder
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Mulesoft Anypoint Code Builder environment, allowing attackers to execute arbitrary code, steal sensitive data, modify application logic, and potentially pivot to other systems.
Likely Case
Limited code execution within the application's context, potentially allowing data exfiltration, configuration modification, or disruption of development workflows.
If Mitigated
No impact if proper input validation and sanitization are implemented, or if the vulnerable component is not exposed to untrusted users.
🎯 Exploit Status
Exploitation requires access to the LLM prompting interface, which typically requires some level of user access. The CWE-94 classification indicates code injection through improper input neutralization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.11.6
Vendor Advisory: https://help.salesforce.com/s/articleView?id=005228032&type=1
Restart Required: Yes
Instructions:
1. Back up the current configuration and projects.
2. Download Mulesoft Anypoint Code Builder version 1.11.6 or later from the official Salesforce portal.
3. Follow the vendor's upgrade documentation for your specific deployment.
4. Restart the application and verify functionality.
🔧 Temporary Workarounds
Disable LLM Prompting Features
Temporarily disable or restrict access to LLM prompting functionality until patching can be completed.
Consult Mulesoft documentation for disabling specific LLM integration features.
Implement Input Validation Proxy
Deploy a web application firewall or reverse proxy with strict input validation rules for LLM prompt inputs.
🧯 If You Can't Patch
- Restrict access to the Mulesoft Anypoint Code Builder interface to only trusted, necessary users
- Implement network segmentation to isolate the vulnerable system from critical assets
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Mulesoft Anypoint Code Builder. If the version is earlier than 1.11.6, the system is vulnerable.
Check Version:
Check the application's about section or consult the deployment documentation for version verification methods specific to your installation.
Verify Fix Applied:
Verify that the application version is 1.11.6 or later and test LLM prompting functionality with various inputs to ensure proper sanitization.
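An added example (not from the advisory or from Salesforce) of the version comparison described above. It matters because a plain string comparison gets this wrong: as strings, "1.9.0" sorts after "1.11.6", so a naive check would report a vulnerable 1.9.x install as patched. The version strings below are constructed inputs; only the patched version 1.11.6 comes from the advisory.

```python
import re

# Fixed version stated in the advisory for CVE-2025-10875.
PATCHED_VERSION = "1.11.6"


def parse_version(version: str) -> tuple:
    """Turn a dotted version string such as '1.11.6' into a tuple of ints.

    An optional leading 'v' and any non-numeric suffix (e.g. '-beta') are
    ignored; shorter strings are padded so that '1.11' compares as 1.11.0.
    """
    match = re.match(r"^\s*v?(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    while len(parts) < 3:
        parts += (0,)
    return parts


def is_vulnerable(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version is strictly older than the patched one."""
    return parse_version(installed) < parse_version(patched)


def lexical_check_is_wrong(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """Demonstrates the pitfall: compare the same inputs as raw strings."""
    return installed < patched


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ("1.9.0", "1.11.5", "1.11.6", "1.12.0", "v2.0"):
        print(f"{sample:>8}: vulnerable={is_vulnerable(sample)} "
              f"(string compare says {lexical_check_is_wrong(sample)})")
```

Feed it whatever version string the application's about screen or your deployment inventory reports; any result of True means the host still needs the 1.11.6 upgrade.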
📡 Detection & Monitoring
Log Indicators:
- Unusual LLM prompt patterns
- Unexpected code execution attempts
- Abnormal user behavior in code builder interface
Network Indicators:
- Suspicious requests to LLM prompting endpoints
- Unusual outbound connections from the code builder application
SIEM Query:
source="mulesoft-code-builder" AND (event_type="llm_prompt" AND (input CONTAINS "system" OR input CONTAINS "exec" OR input CONTAINS "eval"))
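The SIEM query above expressed as detection logic over log lines, as an added example that is not part of the advisory and not a Salesforce or Mulesoft artefact. It assumes the application emits JSON events carrying the fields the query names (source, event_type, input) plus a user field for triage; the log lines are constructed samples. The bare keywords "system", "exec" and "eval" will also match ordinary developer prompts (the first sample line shows this), so treat the output as a triage queue to tune against your own baseline rather than a high-confidence alert.

```python
import json

# Keywords taken from the advisory's SIEM query.
SUSPICIOUS_TERMS = ("system", "exec", "eval")

# Constructed sample log lines, not real telemetry. Field names mirror the
# advisory's query; "user" is an assumed extra field used only for triage.
SAMPLE_LOGS = [
    '{"source": "mulesoft-code-builder", "event_type": "llm_prompt", "user": "dev1",'
    ' "input": "Generate a flow that reads orders from the system of record"}',
    '{"source": "mulesoft-code-builder", "event_type": "llm_prompt", "user": "dev2",'
    ' "input": "Explain this DataWeave transformation"}',
    '{"source": "mulesoft-code-builder", "event_type": "file_save", "user": "dev2",'
    ' "input": "exec"}',
    '{"source": "other-app", "event_type": "llm_prompt", "user": "svc",'
    ' "input": "eval the pipeline"}',
    '{"source": "mulesoft-code-builder", "event_type": "llm_prompt", "user": "dev3",'
    ' "input": "Eval"}',
    "not json at all",
]


def parse_line(line: str):
    """Parse one JSON log line; return None for lines that are not JSON."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


def match_terms(text: str, terms=SUSPICIOUS_TERMS) -> list:
    """Return the suspicious terms found in text, matched case-insensitively."""
    lowered = text.lower()
    return [t for t in terms if t in lowered]


def find_suspicious_prompts(lines, source: str = "mulesoft-code-builder") -> list:
    """Apply the advisory's query: right source, llm_prompt events, keyword in input."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        record = parse_line(line)
        if record is None:
            continue
        if record.get("source") != source or record.get("event_type") != "llm_prompt":
            continue
        terms = match_terms(str(record.get("input", "")))
        if terms:
            hits.append({"line": lineno, "user": record.get("user"), "terms": terms})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_prompts(SAMPLE_LOGS):
        print(f"line {hit['line']}: user={hit['user']} matched={hit['terms']}")
```

Matching is case-insensitive here, which is a deliberate choice: most SIEMs treat CONTAINS as case-sensitive unless told otherwise, and a keyword filter that misses "Eval" is not worth running. The non-prompt event and the event from another source are dropped before the keyword test, exactly as the AND clauses in the query require.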