Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Basic Information

ID CVE-2025-66169

Source apache

Published Jan 14, 2026 at 11:45

Modified Jan 15, 2026 at 20:43

Affected Product

Vendor Apache Software Foundation

Product Apache Camel Neo4j

Version 4.10.0

Affected Versions Apache Software Foundation Apache Camel Neo4j 4.10.0
Apache Software Foundation Apache Camel Neo4j 4.14.0
Apache Software Foundation Apache Camel Neo4j 4.15.0

CWE Classification

CWE-89

References

camel.apache.org /security/CVE-2025-66169.html

{
    "lastseen": "",
    "description": "Cypher Injection vulnerability in Apache Camel camel-neo4j component.\n\nThis issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0\n\nUsers are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.",
    "published": "2026-01-14T11:45:20.338Z",
    "modified": "2026-01-15T20:43:58.492Z",
    "type": "cve",
    "title": "Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component",
    "source": "apache",
    "references": "https://camel.apache.org/security/CVE-2025-66169.html",
    "id": "CVE-2025-66169",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Camel Neo4j 4.10.0\nApache Software Foundation Apache Camel Neo4j 4.14.0\nApache Software Foundation Apache Camel Neo4j 4.15.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Camel Neo4j",
    "version": "4.10.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component_CVE-2025-66169