Prompt Injection

A technical deep dive into CVE-2025-59145 — the CVSS 9.6 vulnerability that let attackers silently steal source code, API keys, and zero-days from private repos without executing a single line of code.

Most deployed LLM applications have guardrails against direct prompt injection and almost none have meaningful defenses against indirect injection. Here is why that gap is dangerous.