CVE-2025-11695

Summary

When tlsInsecure=False appears in a connection string, certificate validation is disabled.

This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5

Affected Software

VendorProductVersion RangeStatus
MongoDBRust Driver0 < v3.2.5affected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References