{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:51:47.173","vulnerabilities":[{"cve":{"id":"CVE-2025-12738","sourceIdentifier":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6","published":"2026-01-22T15:16:47.127","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying to enumerate all possible values through observing error messages of SET property.\nWe recommend upgrading to 2025.11.2 or 5.26.17 and above, where the issues is fixed."},{"lang":"es","value":"Las versiones de Neo4j Enterprise edition anteriores a 2025.11.2 y 5.26.17 son vulnerables a una potencial revelación de información por un atacante que tiene algún acceso legítimo a la base de datos. La vulnerabilidad permite al atacante sin acceso de lectura a una propiedad inferir información sobre su valor intentando enumerar todos los valores posibles mediante la observación de los mensajes de error de la propiedad SET. Recomendamos actualizar a 2025.11.2 o 5.26.17 y versiones posteriores, donde el problema está solucionado."}],"metrics":{"cvssMetricV40":[{"source":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:X","baseScore":1.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://neo4j.com/security/CVE-2025-12738","source":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6"}]}}]}