CVE-2025-12657

Summary

The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.

Affected Software

VendorProductVersion RangeStatus
MongoDB Inc.MongoDB Server6.0 < 7.0.22affected
MongoDB Inc.MongoDB Server8.0 < 8.0.10affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References