CVE-2025-64319

5.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to manipulate writeable configuration files in Salesforce Mulesoft Anypoint Code Builder due to incorrect permission assignments. Attackers could modify configuration files to alter application behavior or potentially escalate privileges. This affects all users running vulnerable versions of Mulesoft Anypoint Code Builder.

💻 Affected Systems

Products:
  • Salesforce Mulesoft Anypoint Code Builder
Versions: All versions before 1.12.1
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: This vulnerability affects the desktop IDE application, not the Mulesoft runtime or deployed applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify critical configuration files to execute arbitrary code, compromise the development environment, or gain persistent access to the system.

🟠 Likely Case

Attackers with local access could modify configuration files to alter application behavior, disrupt development workflows, or introduce malicious code into projects.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to configuration changes that could be detected and reverted.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system running the vulnerable Code Builder application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.12.1

Vendor Advisory: https://help.salesforce.com/s/articleView?id=005228032&type=1

Restart Required: Yes

Instructions:

1. Open Anypoint Code Builder.
2. Go to Help > Check for Updates.
3. Follow prompts to update to version 1.12.1 or later.
4. Restart the application.

🔧 Temporary Workarounds

Restrict File Permissions

linux

Manually adjust permissions on Code Builder configuration directories to restrict write access.

chmod 755 ~/.anypoint-code-builder
chmod 755 ~/.mule

Run as Limited User

all

Run Code Builder with a non-administrative user account to limit potential impact.

🧯 If You Can't Patch

  • Monitor configuration files for unauthorized changes using file integrity monitoring tools.
  • Implement strict access controls to limit who can run Code Builder on development systems.

🔍 How to Verify

Check if Vulnerable:

Check the version in Code Builder: Help > About. If version is below 1.12.1, you are vulnerable.

Check Version:

Check Help > About menu in the application GUI

Verify Fix Applied:

Verify version is 1.12.1 or higher in Help > About. Check that configuration files have appropriate permissions.
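An added example (not part of the vendor advisory or of this page's original text) for the permission check above and the "Restrict File Permissions" workaround: it lists entries under the two directories that are still writable by group or others, since `chmod 755` on the top-level directory does not change the mode of files already inside it. The function names and the `--audit` / `--fix` switches are this example's own.

```shell
#!/bin/sh
# Added example: audit Code Builder config directories for loose write bits.

# Print every regular file or directory at or below $1 that is writable by
# group or others. Symlinks are skipped; a missing directory prints nothing.
list_loose() {
    [ -d "$1" ] || return 0
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Number of loose entries at or below $1 (one path per line is assumed).
count_loose() {
    list_loose "$1" | wc -l | tr -d ' '
}

# Remove group/other write from loose entries only; other mode bits are kept.
tighten() {
    [ -d "$1" ] || return 0
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Report each directory that still has loose entries; status 1 if any does.
audit_dirs() {
    rc=0
    for d in "$@"; do
        n=$(count_loose "$d")
        if [ "$n" -gt 0 ]; then
            echo "LOOSE: $d has $n group/other-writable entries:" >&2
            list_loose "$d" >&2
            rc=1
        fi
    done
    return $rc
}

# The directories are the two named in the workaround on this page.
case "${1:-}" in
    --audit) audit_dirs "$HOME/.anypoint-code-builder" "$HOME/.mule" ;;
    --fix)   tighten "$HOME/.anypoint-code-builder"; tighten "$HOME/.mule" ;;
esac
```

Run with `--audit` before and after patching or applying the workaround; a non-zero exit status means at least one entry is still group- or world-writable.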

📡 Detection & Monitoring

Log Indicators:

  • Unexpected modifications to .anypoint-code-builder or .mule configuration files
  • Failed permission checks in application logs

Network Indicators:

  • No network indicators - this is a local file system vulnerability

SIEM Query:

EventID=4663 AND (ObjectName LIKE '%\.anypoint-code-builder%' OR ObjectName LIKE '%\.mule%') AND AccessMask IN ('WRITE_DAC', 'WRITE_OWNER', 'WRITE_DATA')
