CVE-2025-7259

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jira.mongodb.org/browse/SERVER-102693	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mongodb:mongodb:8.1.0:*:*:*:-:*:*:*

History

03 Oct 2025, 20:50

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mongodb:mongodb:8.1.0::::-:::
References	~~() https://jira.mongodb.org/browse/SERVER-102693 -~~	() https://jira.mongodb.org/browse/SERVER-102693 - Issue Tracking, Vendor Advisory
First Time		Mongodb Mongodb mongodb

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 16:15

Updated : 2025-10-03 20:50

NVD link : CVE-2025-7259

Mitre link : CVE-2025-7259

CVE.ORG link : CVE-2025-7259

JSON object : View

Products Affected

mongodb

mongodb

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

6.5 /10