CVE-2025-3083
Vulnerability from cvelistv5
Published
2025-04-01 11:12
Modified
2025-04-01 13:18
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16
References
cna@mongodb.comhttps://jira.mongodb.org/browse/SERVER-103152
Impacted products
Vendor Product Version
MongoDB Inc MongoDB Server Version: 5.0   < 5.0.31
Version: 6.0   < 6.0.20
Version: 7.0.   < 7.0.16
    cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-3083",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-01T13:11:21.374450Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-01T13:18:48.632Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*",
                  "cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "MongoDB Server",
               vendor: "MongoDB Inc",
               versions: [
                  {
                     lessThan: "5.0.31",
                     status: "affected",
                     version: "5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.20",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.0.16",
                     status: "affected",
                     version: "7.0.",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2025-04-01T11:10:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, &nbsp;MongoDB v6.0 versions prior to&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">6.0.20 and MongoDB v7.0 versions prior to 7.0.16</span><br>",
                  },
               ],
               value: "Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-248",
                     description: "CWE-248: Uncaught Exception",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-04-01T11:12:31.268Z",
            orgId: "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
            shortName: "mongodb",
         },
         references: [
            {
               url: "https://jira.mongodb.org/browse/SERVER-103152",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Malformed MongoDB wire protocol messages may cause mongos to crash",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
      assignerShortName: "mongodb",
      cveId: "CVE-2025-3083",
      datePublished: "2025-04-01T11:12:31.268Z",
      dateReserved: "2025-04-01T08:58:57.864Z",
      dateUpdated: "2025-04-01T13:18:48.632Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2025-3083\",\"sourceIdentifier\":\"cna@mongodb.com\",\"published\":\"2025-04-01T12:15:15.883\",\"lastModified\":\"2025-04-01T20:26:11.547\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@mongodb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]}],\"references\":[{\"url\":\"https://jira.mongodb.org/browse/SERVER-103152\",\"source\":\"cna@mongodb.com\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3083\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-01T13:11:21.374450Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-01T13:11:28.085Z\"}}], \"cna\": {\"title\": \"Malformed MongoDB wire protocol messages may cause mongos to crash\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.15:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.16:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.17:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.18:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.19:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.21:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.22:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.23:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.24:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.25:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.26:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.27:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.28:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.29:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:5.0.30:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.15:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.16:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.17:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.18:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:6.0.19:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.8:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.9:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.10:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.11:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.13:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:mongodb:mongodb:7.0.15:*:*:*:*:*:*:*\"], \"vendor\": \"MongoDB Inc\", \"product\": \"MongoDB Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.0.31\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.0.20\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0.\", \"lessThan\": \"7.0.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-04-01T11:10:00.000Z\", \"references\": [{\"url\": \"https://jira.mongodb.org/browse/SERVER-103152\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, \\u00a0MongoDB v6.0 versions prior to\\u00a06.0.20 and MongoDB v7.0 versions prior to 7.0.16\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<span style=\\\"background-color: rgb(255, 255, 255);\\\">Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, &nbsp;MongoDB v6.0 versions prior to&nbsp;</span><span style=\\\"background-color: rgb(255, 255, 255);\\\">6.0.20 and MongoDB v7.0 versions prior to 7.0.16</span><br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-248\", \"description\": \"CWE-248: Uncaught Exception\"}]}], \"providerMetadata\": {\"orgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"shortName\": \"mongodb\", \"dateUpdated\": \"2025-04-01T11:12:31.268Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2025-3083\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-01T13:18:48.632Z\", \"dateReserved\": \"2025-04-01T08:58:57.864Z\", \"assignerOrgId\": \"a39b4221-9bd0-4244-95fc-f3e2e07f1deb\", \"datePublished\": \"2025-04-01T11:12:31.268Z\", \"assignerShortName\": \"mongodb\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.