Vulnerability in Neo4j Neo4j-cypher Mcp Server
CVE-2025-10193
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user…
EPSS: 0.002 (10.7th percentile)
Affected products
- Neo4j Neo4j-cypher Mcp Server — versions 0.2.2
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2025-10193?
  CVE-2025-10193 is a vulnerability in Neo4j Neo4j-cypher Mcp Server, classified under Origin Validation Error. Published 2025-09-11.
- Is CVE-2025-10193 known to be exploited?
  1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.