Incorrect Permission Assignment Vulnerability in Salesforce Mulesoft Anypoint Code Builder

CVE-2025-64319

What is CVE-2025-64319?

The vulnerability in Salesforce's Mulesoft Anypoint Code Builder arises from an incorrect permission assignment that allows unauthorized manipulation of writable configuration files. This flaw can expose critical system areas to potential threats, enabling attackers to modify sensitive configurations. Impacted versions include those released prior to 1.11.6, putting users at higher risk if not promptly updated. It is crucial for organizations using this product to evaluate their security posture and apply the necessary patches to mitigate associated risks.

References