PT-2025-44600 · Neo4J · Neo4J Community+1
Published: 2025-10-31 · Updated: 2025-10-31
CVE-2025-11602
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Clear
Name of the Vulnerable Software and Affected Versions
Neo4j versions prior to 2025-11602
Description
A potential information leak exists in the Bolt protocol handshake in Neo4j Enterprise and Community editions. It allows an attacker to obtain one byte of information from previous connections. The attacker has no control over which information is leaked in server responses.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Neo4J Community
Neo4J Enterprise