CVE-2025-67510

Impact

MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions.  

This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions).

​

Who is impacted: Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges.

Patches

Not patched in: 2.8.11  

Recommended improvements (even if keeping the tool intentionally powerful):

• Provide a safer API that supports only constrained operations (e.g., insertRecord, updateRecord) with allowlisted tables/columns.
• Add a policy/allowlist layer (e.g., allow only INSERT/UPDATE on selected tables; forbid DROP/TRUNCATE/ALTER/GRANT).
• Add optional review workflow: log + require human approval for high-risk statements; or “dry-run” mode.
• Document strongly that the tool must not be exposed to untrusted prompts without additional safeguards.

​

Workarounds

• Do not enable MySQLWriteTool for public/untrusted agents.
• Use a dedicated DB user with least privilege:
• no DROP, no ALTER, no GRANT, no access to sensitive tables unless necessary
• Add an application-layer policy rejecting high-risk statements (DROP, TRUNCATE, ALTER, GRANT, REVOKE, CREATE USER, etc.).
• Implement authorization gating for tool calls (RBAC, allow tool use only for trusted operators).