CVE-2025-11602

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

CVSS

No CVSS.

References

Link	Resource
https://neo4j.com/security/cve-2025-11602

Configurations

No configuration.

History

31 Oct 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-31 11:15

Updated : 2025-10-31 11:15

NVD link : CVE-2025-11602

Mitre link : CVE-2025-11602

CVE.ORG link : CVE-2025-11602

JSON object : View

Products Affected

No product.

CWE

CWE-226

Sensitive Information in Resource Not Removed Before Reuse

{"id": "CVE-2025-11602", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-31T11:15:33.513", "references": [{"url": "https://neo4j.com/security/cve-2025-11602", "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "description": [{"lang": "en", "value": "CWE-226"}]}], "descriptions": [{"lang": "en", "value": "Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses."}], "lastModified": "2025-10-31T11:15:33.513", "sourceIdentifier": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6"}

CVE-2025-11602

JSON object

Attach tags to CVE-2025-11602

Attach tags to `CVE-2025-11602`