Code Injection Vulnerability in Salesforce Mulesoft Anypoint Code Builder
CVE-2025-10875

6.5 MEDIUM

Key Information:

Vendor: Salesforce
CVE Published: 4 November 2025

What is CVE-2025-10875?

A code injection vulnerability exists in Salesforce Mulesoft Anypoint Code Builder due to improper handling of input when generating prompts for LLMs. This flaw can allow malicious actors to execute arbitrary code within the application, potentially leading to unauthorized access and data manipulation. Users are advised to upgrade to version 1.11.6 or later to mitigate this risk.

Affected Version(s)

Mulesoft Anypoint Code Builder: all versions before 1.11.6

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
