Code Injection Vulnerability in Salesforce Mulesoft Anypoint Code Builder
CVE-2025-10875

Currently unrated

Key Information:

Vendor: Salesforce
Status: Mulesoft Anypoint Code Builder
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-10875?

A code injection vulnerability exists in Salesforce Mulesoft Anypoint Code Builder due to improper handling of input when generating prompts for LLMs. This flaw can allow malicious actors to execute arbitrary code within the application, potentially leading to unauthorized access and data manipulation. Users are advised to upgrade to version 1.11.6 or later to mitigate this risk.

Affected Version(s)

Mulesoft Anypoint Code Builder 0 < 1.11.6

References

https://help.salesforce.com/s/articleView?id=005228032&ty...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Sep 23, 2025

JSON