Executive Summary

CVE-2025-10193 is a DNS rebinding vulnerability in the Neo4j Cypher MCP server that allows malicious websites to bypass the Same-Origin Policy protections. This enables attackers to execute unauthorized tool invocations against locally running Neo4j MCP instances. The attack requires a user to visit a malicious website and stay there long enough for the DNS rebinding to succeed, exploiting improper origin validation. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized execution of commands or tool invocations on your local Neo4j MCP server by a malicious website, potentially compromising the confidentiality and integrity of your data. Since no privileges are required and the attack happens via the network with user interaction, it poses a high risk of unauthorized access and manipulation of your Neo4j instance. [1]

Useful 0 Not Useful 0

Detection Guidance

The provided resources do not include specific detection methods or commands to identify this DNS rebinding vulnerability on your network or system.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, upgrade the Neo4j Cypher MCP server to version 0.4.0 or later, which includes security updates such as CORS middleware that blocks all web-based access by default. If upgrading is not immediately possible, use the stdio transport mode as a workaround. Additionally, configure CORS and Trusted Hosts middleware using the new environment variables or CLI options (`NEO4J_MCP_SERVER_ALLOW_ORIGINS`, `--allow-origins`, `NEO4J_MCP_SERVER_ALLOWED_HOSTS`, `--allowed-hosts`) to restrict access. Applying these steps will help prevent unauthorized tool invocations via DNS rebinding attacks. [1, 2]

Useful 0 Not Useful 0