CVE-2025-11602

Published: Oct 31, 2025

Modified: Oct 31, 2025

PUBLISHED

Description

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

Vendor	Product	Versions
neo4j	Enterprise Edition	affected `5.26.0 - < 5.26.15` affected `2025.1.0 - < 2025.10.1`
neo4j	Community Edition	affected `5.26.0 - < 5.26.15` affected `2025.1.0 - < 2025.10.1`

Weaknesses (CWE)

CWE-226

References

https://neo4j.com/security/cve-2025-11602

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-11602

Description

Affected Products

Weaknesses (CWE)

References