CVE-2025-11602

Summary

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

Affected Software

VendorProductVersion RangeStatus
neo4jEnterprise Edition5.26.0 < 5.26.15affected
neo4jEnterprise Edition2025.1.0 < 2025.10.1affected
neo4jCommunity Edition5.26.0 < 5.26.15affected
neo4jCommunity Edition2025.1.0 < 2025.10.1affected

Weaknesses

  • CWE-226: CWE-226: Sensitive Information in Resource Not Removed Before Reuse

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References