CVE-2025-11602 MEDIUM

CVE-2025-11602: Untargeted information leak in Bolt protocol handshake

Vendor Neo4J
Product Enterprise Edition
Weakness CWE-226
Published October 31, 2025
Last update October 31, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear

What the vulnerability does

01Description

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

Key dates

02Disclosure timeline

October 31, 2025 CVE published
October 31, 2025 Record updated