CVE-2025-66169

MEDIUM

Apache Camel <4.10.8, <4.14.3, <4.17.0 - Cypher Injection

Description

Cypher Injection vulnerability in the Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Scores

CVSS v3 5.3
EPSS 0.0003
EPSS Percentile 7.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-89
Status published

Affected Products (2)

apache/camel < 4.10.8
org.apache.camel/camel-neo4j < 4.10.8 (Maven)

Timeline

Published Jan 14, 2026
Tracked Since Feb 18, 2026