CVE-2025-66169

Summary

Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Camel Neo4j4.10.0 < 4.10.8affected
Apache Software FoundationApache Camel Neo4j4.14.0 < 4.14.3affected
Apache Software FoundationApache Camel Neo4j4.15.0 < 4.17.0affected

Weaknesses

  • Cypher Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References