GHSA-vcqx-v2mg-7chx

Source
https://github.com/advisories/GHSA-vcqx-v2mg-7chx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-vcqx-v2mg-7chx/GHSA-vcqx-v2mg-7chx.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-vcqx-v2mg-7chx
Aliases
  • CVE-2025-10193
Published
2025-09-11T23:26:00Z
Modified
2025-09-11T23:42:21.420979Z
Severity
  • 7.4 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Neo4j Cypher MCP server is vulnerable to DNS rebinding
Details

Impact

A DNS rebinding vulnerability in the Neo4j Cypher MCP server allows a malicious website to bypass Same-Origin Policy protections and execute unauthorised tool invocations against a locally running Neo4j MCP instance. The attack relies on the user being enticed to visit a malicious website and spending sufficient time there for DNS rebinding to succeed.

Patches

CORS middleware was added to the Cypher MCP server in v0.4.0; it blocks all web-based access by default.

Workarounds

If you cannot upgrade to v0.4.0 or later, use stdio mode.
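The Host and Origin checks that such a middleware needs to perform, as an added example that is not the mcp-neo4j-cypher code; the loopback hostname allowlist and the empty origin allowlist are assumptions:

```python
"""Host/Origin validation for a loopback-bound HTTP server (added example, not
the mcp-neo4j-cypher implementation)."""

# Hostnames under which the local server legitimately answers (assumption: it
# binds to loopback only). A rebound attacker domain never matches these.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Web origins explicitly permitted to call the server. Empty by default, so
# every browser-initiated request is refused (the "blocks all web-based access").
ALLOWED_ORIGINS: set[str] = set()


def _hostname(value: str) -> str:
    """Strip the port from a Host header value, handling bracketed IPv6."""
    host = value.strip().lower()
    if host.startswith("[") and "]" in host:
        return host[1:host.index("]")]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def check_request(headers: dict[str, str]) -> tuple[bool, str]:
    """Return (allowed, reason) for one request's headers (names are
    matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host")
    # DNS rebinding: the browser resolves attacker-controlled-name to 127.0.0.1
    # but still sends that name in Host, so a strict Host allowlist defeats it.
    if host is None or _hostname(host) not in ALLOWED_HOSTS:
        return False, f"host not allowed: {host!r}"
    origin = h.get("origin")
    # Any Origin header marks a browser-initiated (cross-site or same-site)
    # request; admit it only if the origin was explicitly opted in.
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"origin not allowed: {origin!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        {"Host": "localhost:8000"},                      # local CLI client
        {"Host": "[::1]:8000"},                          # IPv6 loopback
        {"Host": "rebound.example:8000"},                # DNS-rebound browser request
        {"Host": "127.0.0.1:8000", "Origin": "http://evil.example"},
    ]
    for s in samples:
        print(s, "->", check_request(s))
```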

References

Vendor Advisory: https://www.cve.org/CVERecord?id=CVE-2025-10193

Credits

We want to publicly recognize the contribution of Evan Harris from mcpsec.dev for reporting this issue and following the responsible disclosure policy.

Database specific
{
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2025-09-11T14:15:40Z",
    "cwe_ids": [
        "CWE-346"
    ],
    "github_reviewed_at": "2025-09-11T23:26:00Z"
}
Affected packages

PyPI / mcp-neo4j-cypher

Package

Name
mcp-neo4j-cypher
Purl
pkg:pypi/mcp-neo4j-cypher

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.2.2
Fixed
0.4.0

Affected versions

0.*
  • 0.2.2
  • 0.2.3
  • 0.2.4
  • 0.3.0
  • 0.3.1