CVE-2025-11602
6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear
Summary
Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| neo4j | Enterprise Edition | 5.26.0 < 5.26.15 | affected |
| neo4j | Enterprise Edition | 2025.1.0 < 2025.10.1 | affected |
| neo4j | Community Edition | 5.26.0 < 5.26.15 | affected |
| neo4j | Community Edition | 2025.1.0 < 2025.10.1 | affected |
Weaknesses
- CWE-226: CWE-226: Sensitive Information in Resource Not Removed Before Reuse
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.