Publish Advisories

GHSA-459f-x8vq-xjjm
GHSA-898v-775g-777c
GHSA-g4v2-cjqp-rfmq
GHSA-j8g6-5gqc-mq36
GHSA-jj6p-3m75-g2p3
GHSA-pvcv-q3q7-266g
GHSA-wq34-7f4g-953v

Author: advisory-database[bot]

advisories/github-reviewed/2025/12/GHSA-459f-x8vq-xjjm/GHSA-459f-x8vq-xjjm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-459f-x8vq-xjjm",
-  "modified": "2025-12-08T22:18:00Z",
+  "modified": "2025-12-09T19:17:06Z",
   "published": "2025-12-08T22:18:00Z",
   "aliases": [
     "CVE-2025-67487"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/static-web-server/static-web-server/security/advisories/GHSA-459f-x8vq-xjjm"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67487"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/static-web-server/static-web-server/commit/308f0d26ceb9c2c8bd219315d0f53914763357f2"
@@ -59,6 +63,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-08T22:18:00Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-09T16:18:24Z"
   }
 }

advisories/github-reviewed/2025/12/GHSA-898v-775g-777c/GHSA-898v-775g-777c.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-898v-775g-777c",
-  "modified": "2025-12-09T17:19:42Z",
+  "modified": "2025-12-09T19:16:37Z",
   "published": "2025-12-09T17:19:42Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2025-67510"
+  ],
   "summary": "Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)",
   "details": "### Impact\n\n`MySQLWriteTool` executes arbitrary SQL provided by the caller using `PDO::prepare()` + `execute()` without semantic restrictions.  \n\nThis is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as `DROP TABLE`, `TRUNCATE`, `DELETE`, `ALTER`, or privilege-related statements (subject to DB permissions).\n\n\n\n**Who is impacted:** Deployments that expose an agent with `MySQLWriteTool` enabled to untrusted input and/or run the tool with a DB user that has broad privileges.\n\n### Patches\n\n**Not patched in:** 2.8.11  \n\nRecommended improvements (even if keeping the tool intentionally powerful):\n\n- Provide a safer API that supports only constrained operations (e.g., `insertRecord`, `updateRecord`) with allowlisted tables/columns.\n\n- Add a policy/allowlist layer (e.g., allow only `INSERT`/`UPDATE` on selected tables; forbid `DROP/TRUNCATE/ALTER/GRANT`).\n\n- Add optional review workflow: log + require human approval for high-risk statements; or “dry-run” mode.\n\n- Document strongly that the tool must not be exposed to untrusted prompts without additional safeguards.\n\n\n\n### Workarounds\n\n- Do not enable `MySQLWriteTool` for public/untrusted agents.\n\n- Use a dedicated DB user with **least privilege**:\n\n  - no `DROP`, no `ALTER`, no `GRANT`, no access to sensitive tables unless necessary\n\n- Add an application-layer policy rejecting high-risk statements (`DROP`, `TRUNCATE`, `ALTER`, `GRANT`, `REVOKE`, `CREATE USER`, etc.).\n\n- Implement authorization gating for tool calls (RBAC, allow tool use only for trusted operators).",
   "severity": [

advisories/github-reviewed/2025/12/GHSA-g4v2-cjqp-rfmq/GHSA-g4v2-cjqp-rfmq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g4v2-cjqp-rfmq",
-  "modified": "2025-12-08T22:15:49Z",
+  "modified": "2025-12-09T19:17:35Z",
   "published": "2025-12-08T22:15:49Z",
   "aliases": [
     "CVE-2025-66627"
@@ -97,6 +97,10 @@
       "type": "WEB",
       "url": "https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-g4v2-cjqp-rfmq"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66627"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/wasmi-labs/wasmi/commit/0e6f0d2a8325602c58d6a53ce1c0e6045eb6a490"
@@ -113,6 +117,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-08T22:15:49Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-09T16:18:21Z"
   }
 }

advisories/github-reviewed/2025/12/GHSA-j8g6-5gqc-mq36/GHSA-j8g6-5gqc-mq36.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j8g6-5gqc-mq36",
-  "modified": "2025-12-09T17:19:23Z",
+  "modified": "2025-12-09T19:16:45Z",
   "published": "2025-12-09T17:19:23Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2025-67509"
+  ],
   "summary": "Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)",
   "details": "### Impact\n\n`MySQLSelectTool` is intended to be a read-only SQL tool (e.g., for LLM agent querying). However, validation based on the first keyword (e.g., `SELECT`) and a forbidden-keyword list does not block file-writing constructs such as `INTO OUTFILE` / `INTO DUMPFILE`.  \n\nAs a result, an attacker who can influence the tool input (e.g., prompt injection through a public agent endpoint) may be able to write arbitrary content to files on the DB server.\n\nIf the MySQL/MariaDB account has the `FILE` privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory), the impact can escalate to remote code execution on the application host (for example, by writing a PHP web shell).\n\n**Who is impacted:** Deployments that expose an agent using `MySQLSelectTool` to untrusted input and run with overly-permissive DB privileges/configuration.\n\n### Patches\n\n**Not patched in:** 2.8.11  \n\n**Fixed in:** 2.8.12\n\nRecommended fix direction:\n\n- Explicitly reject queries containing: `INTO`, `OUTFILE`, `DUMPFILE`, `LOAD_FILE`, and other file/IO-related functions/clauses.\n\n- Prefer AST-based validation (SQL parser) over keyword checks.\n\n- Constrain allowed tables/columns and disallow multi-statements.\n\n### Workarounds\n\nIf you cannot upgrade immediately:\n\n- Remove/disable `MySQLSelectTool` for any agent reachable from untrusted input.\n\n- Ensure DB account used by the tool **does not** have `FILE` privilege.\n\n- Ensure `secure_file_priv` is set to a directory that is **not** web-accessible (or restrict it tightly).\n\n- Add a defensive query filter at the application layer rejecting `INTO OUTFILE`, `INTO DUMPFILE`, `LOAD_FILE`, `;` (multi-statements), and suspicious comment patterns.",
   "severity": [

advisories/github-reviewed/2025/12/GHSA-jj6p-3m75-g2p3/GHSA-jj6p-3m75-g2p3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jj6p-3m75-g2p3",
-  "modified": "2025-12-08T22:07:47Z",
+  "modified": "2025-12-09T19:17:14Z",
   "published": "2025-12-08T22:07:47Z",
   "aliases": [
     "CVE-2025-66622"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66622"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/matrix-org/matrix-rust-sdk/pull/5924"
@@ -64,6 +68,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-08T22:07:47Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-09T16:18:21Z"
   }
 }

advisories/github-reviewed/2025/12/GHSA-pvcv-q3q7-266g/GHSA-pvcv-q3q7-266g.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pvcv-q3q7-266g",
-  "modified": "2025-12-09T17:19:10Z",
+  "modified": "2025-12-09T19:16:56Z",
   "published": "2025-12-09T17:19:10Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2025-67507"
+  ],
   "summary": "Filament multi-factor authentication (app) recovery codes can be used multiple times",
   "details": "### Summary\n\nA flaw in the handling of recovery codes for **app-based multi-factor authentication** allows the same recovery code to be reused indefinitely. This issue does **not** affect email-based MFA. It also only applies when recovery codes are enabled.\n\n### Impact\n\nIf an attacker gains access to both the user's password and their recovery codes, they can repeatedly complete MFA without the user's app-based second factor. This weakens the expected security of MFA by turning recovery codes into a static, long-term bypass method.",
   "severity": [

advisories/github-reviewed/2025/12/GHSA-wq34-7f4g-953v/GHSA-wq34-7f4g-953v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wq34-7f4g-953v",
-  "modified": "2025-12-08T22:15:56Z",
+  "modified": "2025-12-09T19:17:25Z",
   "published": "2025-12-08T22:15:56Z",
   "aliases": [
     "CVE-2025-66631"
@@ -40,6 +40,18 @@
       "type": "WEB",
       "url": "https://github.com/MarimerLLC/csla/security/advisories/GHSA-wq34-7f4g-953v"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66631"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarimerLLC/csla/issues/4001"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarimerLLC/csla/pull/4018"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/MarimerLLC/csla"
@@ -56,6 +68,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-08T22:15:56Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-09T16:18:22Z"
   }
 }