CVE-2025-10875 identifies a vulnerability in Salesforce Mulesoft Anypoint Code Builder versions before 1.11.6, classified under CWE-1427, which concerns improper neutralization of input used for LLM prompting. The vulnerability arises because the product fails to adequately sanitize or validate input that is fed into large language model prompts, which are used to assist or automate code generation within the development environment. This improper neutralization can lead to code injection attacks, where an attacker crafts malicious input that manipulates the LLM’s output or execution context, potentially injecting unauthorized code snippets or commands. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its attack surface. The CVSS v3.1 base score of 6.5 reflects a network attack vector with low attack complexity and no privileges or user interaction needed. The impact primarily affects confidentiality and integrity, as attackers could cause unauthorized code execution or data leakage within the code builder environment, but availability is not impacted. No public exploits or active exploitation have been reported yet. The vulnerability highlights the risks introduced by integrating AI/LLM components into development tools without robust input validation and sanitization. Salesforce has addressed this issue in version 1.11.6 and later.

For European organizations, this vulnerability poses a risk to the integrity and confidentiality of code development processes that utilize Mulesoft Anypoint Code Builder. Attackers exploiting this flaw could inject malicious code into the development environment, potentially leading to compromised software builds, introduction of backdoors, or leakage of proprietary source code and sensitive configuration data. This could undermine trust in software supply chains and lead to intellectual property theft or further downstream attacks. Although availability is not directly impacted, the integrity compromise could have cascading effects on operational security and compliance, especially in regulated sectors such as finance, healthcare, and critical infrastructure. Organizations relying heavily on Salesforce and Mulesoft tools for integration and development are particularly vulnerable. The lack of required authentication and user interaction for exploitation increases the urgency of mitigation. The threat is more pronounced in environments where code builders are integrated into CI/CD pipelines without additional security controls.

European organizations should immediately upgrade Mulesoft Anypoint Code Builder to version 1.11.6 or later, where the vulnerability is patched. In addition to patching, organizations should implement strict input validation and sanitization policies on any data fed into LLM prompts within development tools. Employing runtime monitoring and anomaly detection to identify unusual code generation patterns can help detect exploitation attempts. Restrict network access to the code builder environment using segmentation and firewall rules to limit exposure. Integrate code review and static analysis tools to catch injected malicious code early in the development lifecycle. Educate developers about the risks of untrusted input in AI-assisted coding environments. Finally, maintain an inventory of all development tools using LLMs and monitor vendor advisories for emerging threats related to AI prompt injection.