CVE-2025-3083

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-103152	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::
	cpe:2.3:a:mongodb:mongodb::::::::

History

No history.

Information

Published : 2025-04-01 12:15

Updated : 2025-09-22 14:15

NVD link : CVE-2025-3083

Mitre link : CVE-2025-3083

CVE.ORG link : CVE-2025-3083

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2025-3083", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-01T12:15:15.883", "references": [{"url": "https://jira.mongodb.org/browse/SERVER-103152", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \u00a0MongoDB v6.0 versions prior to\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16"}, {"lang": "es", "value": "Los mensajes de protocolo de conexi\u00f3n MongoDB manipulados espec\u00edficamente pueden provocar el bloqueo de MongoDB durante la validaci\u00f3n de comandos. Esto puede ocurrir sin usar una conexi\u00f3n autenticada. Este problema afecta a MongoDB v5.0 anteriores a la 5.0.31, MongoDB v6.0 anteriores a la 6.0.20 y MongoDB v7.0 anteriores a la 7.0.16."}], "lastModified": "2025-09-22T14:15:59.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66128ED7-B1B4-44B8-9295-D27461F161EA", "versionEndExcluding": "5.0.31", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F398EABB-311B-4726-A414-537D4EEE1A26", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E95B2F98-7920-4A34-8E4F-F01DB87A76FA", "versionEndExcluding": "7.0.16", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}