CVE-2025-13507

Summary

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8.2 versions prior to 8.2.1.

Affected Software

VendorProductVersion RangeStatus
MongoDB Inc.MongoDB Server7.0 < 7.0.26affected
MongoDB Inc.MongoDB Server8.0 < 8.0.16affected
MongoDB Inc.MongoDB Server8.2 < 8.2.1affected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References