Description

A potential information leak in the Bolt protocol handshake in Neo4j Enterprise and Community editions allows an attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

PUBLISHED Reserved 2025-10-10 | Published 2025-10-31 | Updated 2025-10-31 | Assigner Neo4j




MEDIUM: 6.3 | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear

Problem types

CWE-226: Sensitive Information in Resource Not Removed Before Reuse

Product status

Default status
unaffected

5.26.0 (semver) before 5.26.15
affected

2025.1.0 (semver) before 2025.10.1
affected

Default status
unaffected

5.26.0 (semver) before 5.26.15
affected

2025.1.0 (semver) before 2025.10.1
affected

References

neo4j.com/security/cve-2025-11602 vendor-advisory

cve.org (CVE-2025-11602)

nvd.nist.gov (CVE-2025-11602)
