Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability (CWE-89) in the Neo4jVectorFilterExpressionConverter class. Specifically, when a user-controlled string is used as a filter expression key, the doKey() method embeds this key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes but fails to escape embedded backticks. This improper sanitization can allow injection of malicious Cypher code. The vulnerability affects versions 1.0.0 up to but not including 1.0.5 and 1.1.0 up to but not including 1.1.4 of Spring AI.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform Cypher injection attacks, potentially leading to unauthorized data exposure or manipulation within the Neo4j database used by Spring AI. The CVSS score of 7.5 (high) reflects the network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality impact with no impact on integrity or availability. There are no known exploits in the wild at the time of this report.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch links or official fixes are provided in the available data, users should monitor the Spring project advisories for updates. Until a patch is available, avoid passing untrusted input as filter expression keys in Neo4jVectorFilterExpressionConverter or implement additional input validation and sanitization to prevent injection of backticks or other special characters.