Enumeration of restricted property value_CVE-2025-12738

1.3 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/V:D

Description

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying to enumerate all possible values through observing error messages of SET property.
We recommend upgrading to 2025.11.2 or 5.26.17 and above, where the issues is fixed.

Basic Information

ID CVE-2025-12738

Source Neo4j

Published Jan 22, 2026 at 13:29

Modified Jan 22, 2026 at 20:19

Affected Product

Vendor neo4j

Product Enterprise Edition

Affected Versions neo4j Enterprise Edition 0
neo4j Enterprise Edition 0

CWE Classification

CWE-200

References

neo4j.com /security/CVE-2025-12738

{
    "lastseen": "",
    "description": "Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying to enumerate all possible values through observing error messages of SET property.\nWe recommend upgrading to 2025.11.2 or 5.26.17 and above, where the issues is fixed.",
    "published": "2026-01-22T13:29:11.655Z",
    "modified": "2026-01-22T20:19:52.009Z",
    "type": "cve",
    "title": "Enumeration of restricted property value",
    "source": "Neo4j",
    "references": "https://neo4j.com/security/CVE-2025-12738",
    "id": "CVE-2025-12738",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "neo4j Enterprise Edition 0\nneo4j Enterprise Edition 0",
    "sourceHref": "",
    "cvss": {
        "score": 1.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/V:D",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Edition",
    "version": "0",
    "vendor": "neo4j",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}