CVE-2025-56406
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2025-09-16

Assigner: MITRE

Description
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local environment where authentication realistically would not be needed. Also, the Supplier provides middleware to help isolate the MCP server from external access (if needed).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2025-09-16
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-56406
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
neo4j mcp-neo4j 0.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in mcp-neo4j version 0.3.0 allows attackers to gain sensitive information or execute arbitrary commands via the Server-Sent Events (SSE) service because the MCP service does not configure any authentication mechanism for its SSE/HTTP protocols. This lack of authentication permits any user to remotely access and control the MCP service through HTTP requests without credentials. [1, 2]

Impact Analysis

The vulnerability allows unauthorized users to access and manipulate the MCP service remotely without any authentication. This can lead to exposure of sensitive information and unauthorized execution of commands, potentially compromising the integrity and confidentiality of the system running the MCP service. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to access the MCP service endpoint (e.g., http://<host>:8080/api/mcp/) without any authentication. If the service responds and allows control or information retrieval without credentials, it is vulnerable. A simple command to test this is using curl: curl http://<host>:8080/api/mcp/ -v. If the response returns data or allows commands without authentication, the vulnerability exists. [1, 2]

Mitigation Strategies

Immediate mitigation steps include: 1) Network Isolation: Deploy the affected system in a strictly isolated network environment such as behind a VPN or internal network, restricting access to trusted client IPs only. 2) Firewall Restrictions: Configure host or network firewalls to limit inbound connections to the vulnerable service port, allowing only authorized applications. 3) Avoid Public Exposure: Ensure the vulnerable service is not exposed directly to the public internet. 4) Monitor official updates from the vendor and apply patches promptly once available. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56406. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart