Severity
5.3 MEDIUM
EPSS
0.0%
top 91.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 14

Description

Cypher Injection vulnerability in the Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS, 4.14.3 for 4.14.x LTS, or 4.17.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

Maven | org.apache.camel:camel-neo4j | 4.10.0 | 4.10.8 | +2
CVEListV5 | apache_software_foundation/apache_camel_neo4j | 4.10.0 | 4.10.8 | +2
NVD | apache/camel | 4.10.0 | 4.10.8 | +2

🔴 Vulnerability Details (3)

CVEList
Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component (2026-01-14)
OSV
Apache Camel camel-neo4j component is vulnerable to cypher injection (2026-01-14)
GHSA
Apache Camel camel-neo4j component is vulnerable to cypher injection (2026-01-14)

📋 Vendor Advisories (2)

Red Hat
camel-neo4j: Apache Camel camel-neo4j: Unauthorized data modification via Cypher Injection (2026-01-14)
Apache
Apache camel: CVE-2025-66169

🕵️ Threat Intelligence (1)
Wiz
CVE-2025-66169 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-66169 (MEDIUM CVSS 5.3) | Cypher Injection vulnerability in A | cvebase.io