CVE-2025-3084

Summary

When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4

Affected Software

VendorProductVersion RangeStatus
MongoDB IncMongoDB Server5.0 < 5.0.31affected
MongoDB IncMongoDB Server6.0 < 6.0.20affected
MongoDB IncMongoDB Server7.0 < 7.0.16affected
MongoDB IncMongoDB Server8.0 < 8.0.4affected

Weaknesses

  • CWE-703: CWE-703: Improper Check or Handling of Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References