CVE Alert

CVE-2025-10193

UNKNOWN 0.0

Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.

CWE CWE-346
Vendor neo4j
Product neo4j-cypher mcp server
Published Sep 11, 2025
Last Updated Feb 26, 2026

Affected Versions

neo4j / neo4j-cypher MCP server
0.2.2 ≤ 0.3.1

References

neo4j.com: https://neo4j.com/security/cve-2025-10193
github.com: https://github.com/neo4j-contrib/mcp-neo4j/security/advisories/GHSA-vcqx-v2mg-7chx
github.com: https://github.com/neo4j-contrib/mcp-neo4j/releases/tag/mcp-neo4j-cypher-v0.4.0

Credits

Evan Harris