Vulnerability in Neo4j Neo4j-cypher MCP Server

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user…

EPSS: 0.002 (10.7th percentile).

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-10193?
CVE-2025-10193 is a vulnerability in Neo4j Neo4j-cypher MCP Server, classified under Origin Validation Error. Published 2025-09-11.
Is CVE-2025-10193 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.