Information Leak in Neo4j Enterprise and Community Editions
CVE-2025-11602

6.3 MEDIUM

Key Information:

Vendor: Neo4j
CVE Published: 31 October 2025

What is CVE-2025-11602?

A potential information leak exists in the Bolt protocol handshake used by Neo4j's Enterprise and Community editions. The flaw may allow an attacker to retrieve a single byte of data left over from prior connections, even without controlling the data the server sends in its responses. Responsible handling and timely patching are essential to mitigate the risks associated with this issue.

Affected Version(s)

Community Edition 5.26.0 < 5.26.15

Community Edition 2025.1.0 < 2025.10.1

Enterprise Edition 5.26.0 < 5.26.15

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
  • Vulnerability reserved
