CVE-2025-3083

Summary

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

Affected Software

VendorProductVersion RangeStatus
MongoDB IncMongoDB Server5.0 < 5.0.31affected
MongoDB IncMongoDB Server6.0 < 6.0.20affected
MongoDB IncMongoDB Server7.0. < 7.0.16affected

Weaknesses

  • CWE-248: CWE-248: Uncaught Exception

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References