CVE-2025-10193 HIGH

CVE-2025-10193: Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

Vendor Neo4J
Product neo4j-cypher MCP server
Weakness CWE-346 · Origin validation
Published September 11, 2025
Last update February 26, 2026

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N/V:D/RE:L/U:Amber

What the vulnerability does

01Description

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.

Key dates

02Disclosure timeline

September 11, 2025 CVE published
February 26, 2026 Record updated