Neo4j Bolt Handshake Leakage: One Byte Disclosure
CVE-2025-11602 Published on October 31, 2025
Untargeted information leak in Bolt protocol handshake
A potential information leak in the Bolt protocol handshake in Neo4j Enterprise and Community editions allows an attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.
Weakness Type
Sensitive Information in Resource Not Removed Before Reuse
When a device releases a resource such as memory or a file for reuse by other entities, information contained in the resource is not fully cleared prior to reuse of the resource.
Products Associated with CVE-2025-11602
Affected Versions
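neo4j Enterprise Edition:
- Versions from 5.26.0 up to, but not including, 5.26.15 are affected.
- Versions from 2025.1.0 up to, but not including, 2025.10.1 are affected.

neo4j Community Edition:
- Versions from 5.26.0 up to, but not including, 5.26.15 are affected.
- Versions from 2025.1.0 up to, but not including, 2025.10.1 are affected.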
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.