CVE-2025-3083

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-103152

Configurations

No configuration.

History

01 Apr 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-01 12:15

Updated : 2025-04-01 20:26

NVD link : CVE-2025-3083

Mitre link : CVE-2025-3083

CVE.ORG link : CVE-2025-3083

JSON object : View

Products Affected

No product.

CWE

CWE-248

Uncaught Exception

7.5 /10