Information Disclosure Vulnerability in Neo4j Enterprise Edition
CVE-2025-12738

1.3LOW

Key Information:

Vendor: Neo4j
Status: Enterprise Edition
Vendor: CVE Published:; 22 January 2026

What is CVE-2025-12738?

Neo4j Enterprise Edition is susceptible to an information disclosure vulnerability that allows attackers with legitimate access to the database to infer sensitive information. This vulnerability is particularly concerning as it enables an attacker without direct read access to discern the values of properties by analyzing error messages generated during SET property attempts. To safeguard your database, it is crucial to upgrade to versions 2025.11.2 or 5.26.17, where this issue is addressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Enterprise Edition 0 < 2025.11.2

Enterprise Edition 0 < 5.26.17

References

https://neo4j.com/security/CVE-2025-12738

vendor-advisory

CVSS V4

Score:

1.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Nov 5, 2025

JSON

Neo4j

What is CVE-2025-12738?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.