Apache Camel security advisory: CVE-2025-66169

Severity

MEDIUM

Summary

Cypher injection vulnerability in Camel-Neo4j component

Versions affected

Apache Camel 4.10.x before 4.10.8, Apache Camel 4.14.x before 4.14.3, Apache Camel 4.15.0 and 4.16.0.

Versions fixed

4.10.8, 4.14.3 and 4.17.0

Description

The Camel Neo4j component is vulnerable to Cypher injection: attackers can craft query statements that execute unintended operations in the Neo4j database.
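To illustrate the vulnerability class named above, here is an added example; it is not Camel's own code and not the code the fix changed. It uses the Neo4j Java driver directly to show the string-concatenation pattern that makes Cypher injection possible beside the parameterized form that prevents it. The Bolt URI, credentials, the Person label and the name property are assumptions made for the illustration.

```java
// Added illustration of Cypher injection and its standard mitigation (query
// parameters). This is NOT the Camel-Neo4j code that CVE-2025-66169 refers
// to; it calls the Neo4j Java driver directly. The Bolt URI, credentials,
// the Person label and the `name` property are constructed for the example.
import java.util.List;

import org.neo4j.driver.AuthTokens;
import org.neo4j.driver.Driver;
import org.neo4j.driver.GraphDatabase;
import org.neo4j.driver.Session;
import org.neo4j.driver.Values;

public class CypherParameterExample {

    // Vulnerable pattern: untrusted input is spliced into the Cypher text.
    // Any quote or clause inside `name` becomes part of the statement, so the
    // caller's data can change what the query does. Never ship this form.
    static String buildConcatenatedQuery(String name) {
        return "MATCH (p:Person {name: '" + name + "'}) RETURN p.name AS name";
    }

    // Hardened pattern: the Cypher text is a constant and the input travels as
    // the named parameter $name. The driver sends it to the server as a value,
    // never as query text, so it cannot alter the statement's structure.
    static final String PARAMETERIZED_QUERY =
            "MATCH (p:Person {name: $name}) RETURN p.name AS name";

    static List<String> findByName(Driver driver, String name) {
        try (Session session = driver.session()) {
            return session.run(PARAMETERIZED_QUERY, Values.parameters("name", name))
                          .list(record -> record.get("name").asString());
        }
    }

    public static void main(String[] args) {
        // Placeholder connection details; replace with your own deployment's.
        try (Driver driver = GraphDatabase.driver(
                "bolt://localhost:7687", AuthTokens.basic("neo4j", "<password>"))) {
            // A value containing a quote is handled as plain data here, whereas
            // buildConcatenatedQuery would have turned it into Cypher syntax.
            List<String> names = findByName(driver, "O'Brien");
            System.out.println(names);
        }
    }
}
```

The point of the hardened form is that the Cypher text is fixed at compile time and reviewable, while every caller-supplied value is bound as a parameter; when auditing a component like this, any query built with string concatenation or formatting from request data is the pattern to look for.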

Notes

The JIRA ticket https://issues.apache.org/jira/browse/CAMEL-22719 refers to the commit that resolved the issue and has more details.

Mitigation

Users are recommended to upgrade to version 4.10.8 for the 4.10.x LTS, 4.14.3 for the 4.14.x LTS, or 4.17.0.

Credit

This issue was discovered and reported by Ya0H4cker.

References

PGP signed advisory data: CVE-2025-66169.txt.asc
Mitre CVE Entry: https://www.cve.org/CVERecord?id=CVE-2025-66169