CVE-2025-11602
Essential information
- Published
- 31/10/2025 11:15
- Modified
- 31/10/2025 11:15
- Author
- —
- Creator
- —
- CVSS
- 6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Clear
CVSS metrics
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- PRESENT
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- LOW
- Confidentiality (S)
- NONE
- Integrity (V)
- NONE
- Integrity (S)
- NONE
- Availability (V)
- NONE
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
A potential information leak in the Bolt protocol handshake in Neo4j Enterprise and Community editions allows an attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6
Affected products (CPE)
| Product | CPE |
|---|---|
| neo4j / neo4j enterprise | cpe:2.3:a:neo4j:neo4j_enterprise:*:*:*:*:*:*:*:* |
| neo4j / neo4j community | cpe:2.3:a:neo4j:neo4j_community:*:*:*:*:*:*:*:* |