---
title: "Apache Camel Security Advisory - CVE-2025-66169"
date: 2026-01-13T07:30:42+02:00
url: /security/CVE-2025-66169.html
draft: false
type: security-advisory
cve: CVE-2025-66169
severity: MEDIUM
summary: "Cypher injection vulnerability in Camel-Neo4j component"
description: "Camel neo4j component is vulnerable to Cypher injection: attackers can construct specific query statements to execute unintended operations in the Neo4j database."
mitigation: "Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0."
credit: "This issue was discovered and reported by Ya0H4cker."
affected: Apache Camel 4.10.x before 4.10.8, Apache Camel 4.14.x before 4.14.3, Apache Camel 4.15.0 and 4.16.0.
fixed: 4.10.8, 4.14.3 and 4.17.0
---

The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-22719 refers to the commit that resolved the issue, and has more details.
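
To check a build against the affected and fixed versions above, the following added example (not part of the advisory or of Apache Camel) scans `mvn dependency:tree` output for the Neo4j component and classifies each version. It assumes the Maven coordinates `org.apache.camel:camel-neo4j` and `org.apache.camel.springboot:camel-neo4j-starter`, and that the starter's version tracks the Camel version; the sample tree is constructed, and versions the advisory does not mention are reported as `not-listed`.

```python
import re

# Assumed Maven coordinates for the component and its Spring Boot starter.
DEP = re.compile(
    r"org\.apache\.camel(?:\.springboot)?:(camel-neo4j(?:-starter)?):jar:([^:\s]+)"
)

def advisory_status(version):
    """Classify a Camel version against the ranges listed in CVE-2025-66169."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unparsed"
    v = tuple(int(x) for x in m.groups())
    if v[:2] == (4, 10):
        return "affected" if v < (4, 10, 8) else "fixed"
    if v[:2] == (4, 14):
        return "affected" if v < (4, 14, 3) else "fixed"
    if v in ((4, 15, 0), (4, 16, 0)):
        return "affected"
    if v >= (4, 17, 0):
        return "fixed"
    return "not-listed"  # the advisory makes no statement about this version

def scan(tree_text):
    """Return (artifact, version, status) for each camel-neo4j dependency line."""
    return [(a, v, advisory_status(v)) for a, v in DEP.findall(tree_text)]

# Constructed sample of `mvn dependency:tree` output.
SAMPLE = r"""
[INFO] com.example:orders:jar:1.0.0
[INFO] +- org.apache.camel:camel-core:jar:4.14.2:compile
[INFO] +- org.apache.camel:camel-neo4j:jar:4.14.2:compile
[INFO] \- org.apache.camel.springboot:camel-neo4j-starter:jar:4.17.0:compile
"""

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{artifact} {version}: {status}")
```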