CVE-2025-12738
📋 TL;DR
Neo4j Enterprise edition is vulnerable to an information disclosure attack where authenticated users can infer property values they shouldn't have access to. Attackers can enumerate possible property values by observing error messages when attempting to SET properties. This affects users with legitimate database access but insufficient read permissions.
💻 Affected Systems
- Neo4j Enterprise Edition
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sensitive data exposure including personally identifiable information, credentials, or business-critical data could be extracted by authenticated attackers.
Likely Case
Attackers with legitimate access can infer values of properties they shouldn't have read access to, potentially exposing sensitive configuration or user data.
If Mitigated
With proper access controls and monitoring, impact is limited to low-privileged users attempting to infer non-critical data.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of property enumeration techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.11.2 or 5.26.17 and above
Vendor Advisory: https://neo4j.com/security/CVE-2025-12738
Restart Required: Yes
Instructions:
1. Download Neo4j Enterprise 2025.11.2 or 5.26.17+ from official sources.
2. Stop the Neo4j service.
3. Back up the database and configuration.
4. Install the updated version.
5. Restart the Neo4j service.
6. Verify the version and functionality.
🔧 Temporary Workarounds
Restrict Property Access
Implement strict property-level access controls to limit what authenticated users can attempt to SET.
Use Neo4j security procedures to configure fine-grained property access controls
Error Message Obfuscation
Configure Neo4j to return generic error messages that don't reveal property value information.
Configure neo4j.conf with appropriate error handling settings
🧯 If You Can't Patch
- Implement strict network segmentation and limit database access to only necessary users
- Enhance monitoring for unusual SET property attempts and error message patterns
🔍 How to Verify
Check if Vulnerable:
Check the Neo4j version using the :sysinfo command or the configuration files. If the version is below 5.26.17 on the 5.x line or below 2025.11.2 on the 2025.x line, the system is vulnerable.
Check Version:
CALL dbms.components() YIELD versions, edition RETURN versions, edition;
Verify Fix Applied:
After patching, verify version is 2025.11.2 or 5.26.17+ and test that SET property operations return consistent error messages regardless of property value.
📡 Detection & Monitoring
Log Indicators:
- Multiple SET property operations with different values returning error messages
- Unusual pattern of property modification attempts by single user
Network Indicators:
- Repeated Cypher queries attempting to SET properties with varying values
SIEM Query:
source="neo4j.log" AND ("SET" AND "property" AND "error") | stats count by src_ip, user
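The log indicators above, as an added detection example that is not part of the advisory or of Neo4j's own tooling: it scans query-log lines for a single user whose failed SET statements cycle through distinct literals on the same property. The log line layout and the user/client fields are constructed for this example, not Neo4j's real query.log format.

```python
import re
from collections import defaultdict

# Constructed sample log lines (the field layout is an assumption for this
# example, not Neo4j's query.log format). Each failed SET carries the literal
# the user tried; an enumeration attempt cycles through many of them.
SAMPLE_LOG = """\
2025-11-20T10:00:01Z INFO user=bob client=10.0.0.7 status=ok query="MATCH (n:User {id:1}) SET n.city = 'Oslo'"
2025-11-20T10:00:02Z ERROR user=alice client=10.0.0.5 status=error query="MATCH (n:User {id:1}) SET n.ssn = '111-11-1111'"
2025-11-20T10:00:03Z ERROR user=alice client=10.0.0.5 status=error query="MATCH (n:User {id:1}) SET n.ssn = '222-22-2222'"
2025-11-20T10:00:04Z ERROR user=alice client=10.0.0.5 status=error query="MATCH (n:User {id:1}) SET n.ssn = '333-33-3333'"
2025-11-20T10:00:05Z ERROR user=alice client=10.0.0.5 status=error query="MATCH (n:User {id:1}) SET n.ssn = '444-44-4444'"
2025-11-20T10:00:06Z ERROR user=carol client=10.0.0.9 status=error query="MATCH (n:User {id:2}) SET n.email = 'x@y'"
"""

# Parses one constructed log line into its fields.
LINE_RE = re.compile(
    r'^\S+ \S+\s+user=(?P<user>\S+)\s+client=(?P<client>\S+)\s+'
    r'status=(?P<status>\S+)\s+query="(?P<query>.*)"$'
)
# Captures the property name and the literal assigned in a SET clause.
SET_RE = re.compile(r"\bSET\s+\w+\.(?P<prop>\w+)\s*=\s*(?P<value>'[^']*'|\d+)")

def find_enumeration(log_text, threshold=3):
    """Return one alert per (user, client, property) whose failed SET
    statements used at least `threshold` distinct literal values."""
    attempts = defaultdict(set)  # (user, client, prop) -> distinct failed values
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("status") != "error":
            continue  # successful SETs are not part of the pattern
        s = SET_RE.search(m.group("query"))
        if not s:
            continue  # failed query without a literal SET, ignore
        key = (m.group("user"), m.group("client"), s.group("prop"))
        attempts[key].add(s.group("value"))
    return [
        {"user": u, "client": c, "property": p, "distinct_values": len(v)}
        for (u, c, p), v in sorted(attempts.items())
        if len(v) >= threshold
    ]

if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE_LOG):
        print(alert)
```

The threshold is a tuning knob: a single failed SET is normal operation, while many distinct values against one property from one session is the enumeration pattern worth paging on.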