CNNVD-202512-1758 Information

Dec 10, 2025 cve

CNNVD ID

CNNVD-202512-1758

CVE-2025-67510

  • CNNVD Published: 2025-12-10

Description (Chinese)

Neuron是EMQ开源的一款工业物联网(IIoT)连接服务器。用于现代大数据和 AI/ML 技术,以利用工业 4.0 的力量。 Neuron 2.8.11及之前版本存在访问控制错误漏洞,该漏洞源于MySQLWriteTool执行任意SQL时缺乏语义限制,可能导致执行破坏性查询。

Description (English)

Neuron is an industrial network (IIOT) connection server for the EMQ open source. For modern big data and AI/ML technology to harness the power of industry 4.0. Neuron 2.8.11 and previous versions had access control error holes, which stemmed from the lack of semantic restrictions on the implementation of arbitrary SQLs by MySQLWriteTool, which could lead to destructive queries.

Hazard Level

Low

Vulnerability Type

访问控制错误

Affected Vendor

EMQ

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/neuron-core/neuron-ai/commit/44bab85d92bf162898ee48d0bcef6ba0d29b59c9 https://github.com/neuron-core/neuron-ai/releases/tag/2.8.12 https://github.com/neuron-core/neuron-ai/security/advisories/GHSA-898v-775g-777c https://access.redhat.com/security/cve/cve-2025-67510

Patch

https://github.com/neuron-core/neuron-ai/releases

Share on: