Home > Vulnerability Database > CVE-2025-11602

Mend.io Vulnerability Database

CVE-2025-11602

Good to know:

Date: October 31, 2025

Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.

Severity Score

5.3

Related Resources (3)

Url: https://neo4j.com/security/cve-2025-11602

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11602

Url: https://www.mend.io/vulnerability-database/CVE-2025-11602

Severity Score

5.3

Weakness Type (CWE)

Sensitive Information in Resource Not Removed Before Reuse

CWE-226

Top Fix

Upgrade Version

Upgrade to version https://github.com/neo4j/neo4j.git - 5.26.15

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11602

Good to know:

Date: October 31, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?