CVE-2025-10193

Summary

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.

Affected Software

VendorProductVersion RangeStatus
neo4jneo4j-cypher MCP server0.2.2 <= 0.3.1affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error

Workarounds

Use stdio mode if you cannot upgrade to v0.4.0 and above.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References