Message-ID: <e5b7e5df-7fbc-6f25-7c57-c3b14cdc8fae@apache.org>
Date: Tue, 13 Jan 2026 12:53:11 +0000
From: Andrea Cosentino <acosentino@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-66169: Apache Camel: Cypher injection vulnerability in
 Camel-Neo4j component 

Severity: moderate 

Affected versions:

- Apache Camel (org.apache.camel:camel-neo4j) 4.10.0 before 4.10.8
- Apache Camel (org.apache.camel:camel-neo4j) 4.14.0 before 4.14.3
- Apache Camel (org.apache.camel:camel-neo4j) 4.15.0 before 4.17.0

Description:

Cypher Injection vulnerability in Apache Camel camel-neo4j component.

This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0.

Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS, 4.14.3 for 4.14.x LTS, or 4.17.0.

This issue is being tracked as CAMEL-22719.

Credit:

Ya0H4cker (finder)

References:

https://camel.apache.org/security/CVE-2025-66169.html
https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-66169
https://issues.apache.org/jira/browse/CAMEL-22719
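
A check against the affected ranges listed above, as an added example that is not part of the advisory or of Apache Camel: it scans `mvn dependency:list`-style output for camel-neo4j and reports the fixed release for each affected version. The function names and the sample listing are assumptions constructed for illustration.

```python
import re

# Affected ranges as listed in the advisory: (first affected, first fixed release).
AFFECTED_RANGES = [
    ((4, 10, 0), (4, 10, 8)),
    ((4, 14, 0), (4, 14, 3)),
    ((4, 15, 0), (4, 17, 0)),
]

# group:artifact:type:version as printed by `mvn dependency:list`.
# Qualifiers such as -SNAPSHOT are ignored; only the numeric x.y.z is compared.
COORD = re.compile(r"org\.apache\.camel:camel-neo4j:[^:\s]+:(\d+)\.(\d+)\.(\d+)")

def fixed_in(version):
    """Return the fixed release for an affected (x, y, z) tuple, else None."""
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(map(str, first_fixed))
    return None

def audit(listing):
    """Return (version, upgrade_target_or_None) for every camel-neo4j line."""
    findings = []
    for line in listing.splitlines():
        match = COORD.search(line)
        if match:
            version = tuple(int(part) for part in match.groups())
            findings.append((".".join(map(str, version)), fixed_in(version)))
    return findings

# Constructed sample input, not taken from a real build.
SAMPLE = """\
[INFO]    org.apache.camel:camel-core:jar:4.10.7:compile
[INFO]    org.apache.camel:camel-neo4j:jar:4.10.7:compile
[INFO]    org.apache.camel:camel-neo4j:jar:4.14.3:compile
[INFO]    org.apache.camel:camel-neo4j:jar:4.16.0:runtime
[INFO]    org.apache.camel:camel-neo4j:jar:4.12.0:compile
"""

if __name__ == "__main__":
    for version, target in audit(SAMPLE):
        if target:
            print(f"camel-neo4j {version}: affected, upgrade to {target}")
        else:
            # None means "outside the ranges the advisory lists", nothing more.
            print(f"camel-neo4j {version}: not in a listed affected range")
```

A `None` result only means the version falls outside the ranges this advisory lists; the advisory makes no statement about releases between 4.10.x and 4.14.x or before 4.10.0.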
