Neo4J · Neo4J-Cypher Mcp Server · CVE-2025-10193
Name of the Vulnerable Software and Affected Versions:
Neo4j Cypher MCP server (affected versions not specified)
Description:
A DNS rebinding issue exists in the Neo4j Cypher MCP server. This allows malicious websites to circumvent Same-Origin Policy protections and execute unauthorized tool invocations against local Neo4j MCP instances. The attack requires a user to visit a malicious website and remain there long enough for DNS rebinding to occur.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.