CVE-2025-66169: Apache Camel camel-neo4j component is vulnerable to cypher injection
(updated )
Cypher Injection vulnerability in Apache Camel camel-neo4j component.
This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0
Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
References
- camel.apache.org/security/CVE-2025-66169.html
- github.com/advisories/GHSA-4jrw-64vr-7g8m
- github.com/apache/camel
- github.com/apache/camel/commit/66715d3feb4ba15df30cffe437e45efeedfba10d
- github.com/apache/camel/commit/723e2cd98ce4b4ceb1dd38837bc113fca0cef170
- github.com/apache/camel/commit/e46c4c0ef542a64dc791253763a8273dfd7fb179
- github.com/apache/camel/pull/20035
- github.com/apache/camel/pull/20036
- github.com/apache/camel/pull/20037
- issues.apache.org/jira/browse/CAMEL-22719
- nvd.nist.gov/vuln/detail/CVE-2025-66169
Code Behaviors & Features
Detect and mitigate CVE-2025-66169 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →