CVE-2025-11602

Untargeted information leak in Bolt protocol handshake

CVSS 6.3 MEDIUMEPSS 0.3%CWE-226

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear

Produtos afetados

neo4j · Community Edition neo4j · Enterprise Edition

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://neo4j.com/security/cve-2025-11602