CVE-2025-66169

CVE-2025-66169: Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component

Vendor Apache Software Foundation

Product Apache Camel Neo4j

Published January 14, 2026

Last update January 15, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Key dates

Disclosure timeline

January 14, 2026 CVE published

January 15, 2026 Record updated

Identifiers

CVE CVE-2025-66169

Affected versions

Vendor Apache Software Foundation

Product Apache Camel Neo4j

Affected ≥ 4.10.0 and < 4.10.8

Vendor Apache Software Foundation

Product Apache Camel Neo4j

Affected ≥ 4.14.0 and < 4.14.3

Vendor Apache Software Foundation

Product Apache Camel Neo4j

Affected ≥ 4.15.0 and < 4.17.0