High severity. GHSA Advisory. Published Sep 11, 2025. Updated Apr 15, 2026.
CVE-2025-10193
Description
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.
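The attack class described above works because, after the attacker's DNS record is re-pointed at 127.0.0.1, the browser still sends the attacker's domain in the Host header. The standard mitigation for a locally bound HTTP server is therefore to reject any request whose Host header does not name the local listener. The following Python handler is an added illustration of that check, not code from mcp-neo4j-cypher or from the referenced fix; `ALLOWED_HOSTS`, `host_is_allowed` and `HostGuardedHandler` are assumed names, and the echo body stands in for real tool dispatch.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Constructed allow-list: the names a loopback-bound MCP server is reached by.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})


def host_is_allowed(host_header: Optional[str],
                    allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                    expected_port: Optional[int] = None) -> bool:
    """True only if the Host header names this local server.

    After a DNS rebind the browser still sends the attacker's domain in Host,
    so comparing Host against the local names is what defeats the attack.
    """
    if not host_header or not host_header.strip():
        return False                      # HTTP/1.1 requires Host; never guess
    try:
        parts = urlsplit("//" + host_header.strip())
        hostname, port = parts.hostname, parts.port   # .port raises if malformed
    except ValueError:
        return False                      # e.g. non-numeric or out-of-range port
    if hostname is None:
        return False
    if expected_port is not None and port not in (None, expected_port):
        return False                      # right name, wrong listener
    # urlsplit lowercases the name and strips [] from IPv6 literals
    return hostname in {h.strip("[]").lower() for h in allowed_hosts}


class HostGuardedHandler(BaseHTTPRequestHandler):
    """Assumed handler: validates Host before doing any work."""

    def do_POST(self) -> None:
        if not host_is_allowed(self.headers.get("Host"),
                               expected_port=self.server.server_port):
            # 421 Misdirected Request: this request was not meant for this origin
            self.send_error(421, "Unexpected Host header")
            return
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)            # echo stands in for tool dispatch


if __name__ == "__main__":
    # Bind to loopback only; the Host check covers the rebinding case
    HTTPServer(("127.0.0.1", 8000), HostGuardedHandler).serve_forever()
```

Binding to loopback alone does not stop rebinding, since the rebound request does arrive from the local browser; the Host comparison is the part that distinguishes it.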
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| mcp-neo4j-cypher | PyPI | >= 0.2.2, < 0.4.0 | 0.4.0 |
Affected products
- Range: >= 0.2.2, < 0.4.0
References
- github.com/advisories/GHSA-vcqx-v2mg-7chx (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-10193 (GHSA, advisory)
- github.com/neo4j-contrib/mcp-neo4j/commit/5b9fbdda6401668d7aa006daf7e644805c067c15 (GHSA, web)
- github.com/neo4j-contrib/mcp-neo4j/pull/165 (GHSA, web)
- github.com/neo4j-contrib/mcp-neo4j/releases/tag/mcp-neo4j-cypher-v0.4.0 (NVD, web)
- github.com/neo4j-contrib/mcp-neo4j/security/advisories/GHSA-vcqx-v2mg-7chx (NVD, web)
- neo4j.com/security/cve-2025-10193 (NVD, web)