CVE-2025-64318

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://help.salesforce.com/s/articleView?id=005228032&type=1 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:salesforce:mulesoft_anypoint_code_builder:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-11-04 19:17

Updated : 2026-02-04 20:02

NVD link : CVE-2025-64318

Mitre link : CVE-2025-64318

CVE.ORG link : CVE-2025-64318

JSON object : View

Products Affected

salesforce

  • mulesoft_anypoint_code_builder
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')