Security Advisory

CVE-2025-10193

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-11 14:05:30

Last updated 2026-02-26 17:48:41

Assigner Neo4j

State PUBLISHED

Description

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.

← Browse all CVEs View on cve.org ↗