=====================================================================
                            CERT-Renater

                 Information Note No. 2026/VULN027
_____________________________________________________________________

DATE                 : 14/01/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache Camel versions prior to
                       4.10.8, 4.14.3, 4.17.0.

=====================================================================
https://camel.apache.org/security/CVE-2025-66169.html
_____________________________________________________________________

Apache Camel security advisory: CVE-2025-66169

Severity
  MEDIUM

Summary
  Cypher injection vulnerability in Camel-Neo4j component

Versions affected
  Apache Camel 4.10.x before 4.10.8, Apache Camel 4.14.x before 4.14.3,
  Apache Camel 4.15.0 and 4.16.0.

Versions fixed
  4.10.8, 4.14.3 and 4.17.0

Description
  The Camel neo4j component is vulnerable to Cypher injection: attackers
  can construct specific query statements to execute unintended
  operations in the Neo4j database.

Notes
  The JIRA ticket https://issues.apache.org/jira/browse/CAMEL-22719
  refers to the commit that resolved the issue, and has more details.

Mitigation
  Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and
  4.14.3 for 4.14.x LTS and 4.17.0.

Credit
  This issue was discovered and reported by Ya0H4cker.

References
  PGP signed advisory data: CVE-2025-66169.txt.asc
  Mitre CVE Entry: https://www.cve.org/CVERecord?id=CVE-2025-66169

=========================================================
+ CERT-RENATER        |  tel   : 01-53-94-20-44        +
+ 23/25 Rue Daviel    |  fax   : 01-53-94-20-41        +
+ 75013 Paris         |  email : cert@support.renater.fr +
=========================================================
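
A version check built from the ranges listed in this advisory, added here as an example (not code from Apache Camel or CERT-Renater). It assumes the component is pulled in as org.apache.camel:camel-neo4j and that the input is `mvn dependency:list` output; the names classify, scan and SAMPLE are hypothetical, and the sample lines are constructed.

```python
import re

# Ranges taken from the advisory text: first fixed patch per LTS branch,
# the two other releases listed as affected, and the first fixed release.
FIRST_FIXED_PATCH = {(4, 10): 8, (4, 14): 3}
LISTED_AFFECTED = {(4, 15, 0), (4, 16, 0)}
FIRST_FIXED_RELEASE = (4, 17, 0)

# Maven coordinate as printed by `mvn dependency:list`
# (groupId:artifactId:type:version:scope). Qualifiers such as -SNAPSHOT
# after the numeric triple are ignored. The artifact name is an assumption.
COORD = re.compile(r"\borg\.apache\.camel:camel-neo4j:jar:(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'affected', 'fixed' or 'unlisted' for a (major, minor, patch) tuple."""
    branch = version[:2]
    if branch in FIRST_FIXED_PATCH:
        return "affected" if version[2] < FIRST_FIXED_PATCH[branch] else "fixed"
    if version in LISTED_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED_RELEASE:
        return "fixed"
    # Below 4.17.0 but not named under "Versions affected" (e.g. 4.12.x):
    # the advisory makes no statement, so report it for manual review.
    return "unlisted"


def scan(dependency_list):
    """Return [(version string, status)] for every camel-neo4j coordinate found."""
    findings = []
    for line in dependency_list.splitlines():
        m = COORD.search(line)
        if m:
            version = tuple(int(part) for part in m.groups())
            findings.append((".".join(m.groups()), classify(version)))
    return findings


# Constructed sample: dependency lines gathered from several projects.
SAMPLE = """\
[INFO]    org.apache.camel:camel-neo4j:jar:4.10.7:compile
[INFO]    org.apache.camel:camel-neo4j:jar:4.14.3:compile
[INFO]    org.apache.camel:camel-neo4j:jar:4.16.0:runtime
[INFO]    org.apache.camel:camel-neo4j:jar:4.12.1:compile
[INFO]    org.apache.camel:camel-core:jar:4.10.7:compile
"""

if __name__ == "__main__":
    for version, status in scan(SAMPLE):
        print(f"camel-neo4j {version}: {status}")
```

Projects that do not declare camel-neo4j are out of scope for this advisory and produce no finding; an "unlisted" result means the version is below 4.17.0 but not covered by the "Versions affected" line, so it needs a manual decision.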