CVE-2025-66169

🗓️ 14 Jan 2026 11:45:20Reported by apacheType

CVE-2025-66169 Cypher injection in Apache Camel Neo4j component; upgrade guidance for affected versions.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2025-66169	14 Jan 202611:45	–	attackerkb
Circl	CVE-2025-66169	13 Jan 202615:27	–	circl
CNNVD	Apache Camel 安全漏洞	14 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-66169 Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component	14 Jan 202611:45	–	cvelist
EUVD	EUVD-2026-2447	14 Jan 202611:45	–	euvd
Github Security Blog	Apache Camel camel-neo4j component is vulnerable to cypher injection	14 Jan 202612:31	–	github
NVD	CVE-2025-66169	14 Jan 202612:16	–	nvd
OSV	CVE-2025-66169	14 Jan 202612:16	–	osv
OSV	GHSA-4JRW-64VR-7G8M Apache Camel camel-neo4j component is vulnerable to cypher injection	14 Jan 202612:31	–	osv
Positive Technologies	PT-2026-2851	14 Jan 202600:00	–	ptsecurity

NVD

Vulners

Node

apache camelRange4.10.0–4.10.8

apache camelRange4.14.0–4.14.3

apache camelRange4.15.0–4.17.0

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.camel:camel-neo4j",
    "product": "Apache Camel Neo4j",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "4.10.8",
        "status": "affected",
        "version": "4.10.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.14.3",
        "status": "affected",
        "version": "4.14.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.17.0",
        "status": "affected",
        "version": "4.15.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
camel	www.camel.apache.org/security/CVE-2025-66169.html
openwall	www.openwall.com/lists/oss-security/2026/01/13/5

16 Jan 2026 14:29Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.15.3

EPSS0.00034

SSVC

CWE-89