Untargeted information leak in Bolt protocol handshake_CVE-2025-11602

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear

Description

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

Basic Information

ID CVE-2025-11602

Source Neo4j

Published Oct 31, 2025 at 10:20

Modified Oct 31, 2025 at 11:37

Affected Product

Vendor neo4j

Product Enterprise Edition

Version 5.26.0

Affected Versions neo4j Enterprise Edition 5.26.0
neo4j Enterprise Edition 2025.1.0
neo4j Community Edition 5.26.0
neo4j Community Edition 2025.1.0

CWE Classification

CWE-226

References

neo4j.com /security/cve-2025-11602

{
    "lastseen": "",
    "description": "Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.",
    "published": "2025-10-31T10:20:17.254Z",
    "modified": "2025-10-31T11:37:44.777Z",
    "type": "cve",
    "title": "Untargeted information leak in Bolt protocol handshake",
    "source": "Neo4j",
    "references": "https://neo4j.com/security/cve-2025-11602",
    "id": "CVE-2025-11602",
    "bulletinFamily": "",
    "cwe": [
        "CWE-226"
    ],
    "cvelist": null,
    "sourceData": "neo4j Enterprise Edition 5.26.0\nneo4j Enterprise Edition 2025.1.0\nneo4j Community Edition 5.26.0\nneo4j Community Edition 2025.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Edition",
    "version": "5.26.0",
    "vendor": "neo4j",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}