Base Score

HIGH7.4

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.

VectorNETWORK

Published By3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6

Published DateSep 11, 2025, 14:15

Affected Versions(1)

mcp-neo4j-cypher(PyPI)

Introduced0.2.2

Fixed0.4.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mcp-neo4j-cypher(PyPI)	0.2.2	0.4.0	N/A

Weakness Type (CWE):CWE-346

CVSS Metrics

Base Score

7.4

Vector String

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:L/U:Amber

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

Base Score

HIGH7.4

Weakness Type (CWE):CWE-346

CVSS Metrics

Base Score

7.4

Vector String

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:L/U:Amber

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

ACTIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)