Vulnerability in Neo4j Community Edition

CVE-2025-11602

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server…

EPSS: 0.001 (20.3th percentile) — read the EPSS interpretation.

Affected products

Neo4j Community Edition — versions 5.26.0, 2025.1.0
Neo4j Enterprise Edition — versions 5.26.0, 2025.1.0

Weakness classification (CWE)

CWE-226 — Sensitive Information in Resource Not Removed Before Reuse

References

neo4j.com/security/cve-2025-11602 (vendor-advisory)