cnvd - cnvd-2025-15516

cnvd-2025-15516

Vulnerability from cnvd

Title: MongoDB Server资源管理错误漏洞（CNVD-2025-15516）

Description:

MongoDB Server是MongoDB公司的分布式文档数据库系统。

MongoDB Server 8.0至8.0.10之前版本存在资源管理错误漏洞，该漏洞源于内部操作的内存管理效率不足。攻击者可利用该漏洞通过高内存占用导致服务中断或服务器崩溃。

Severity: 中

Patch Name: MongoDB Server资源管理错误漏洞（CNVD-2025-15516）的补丁

Patch Description:

MongoDB Server是MongoDB公司的分布式文档数据库系统。

MongoDB Server 8.0至8.0.10之前版本存在资源管理错误漏洞，该漏洞源于内部操作的内存管理效率不足。攻击者可利用该漏洞通过高内存占用导致服务中断或服务器崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载接： https://jira.mongodb.org/browse/SERVER-106751

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-6712

Impacted products

Name
MongoDB MongoDB Server >=8.0，<8.0.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-6712",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-6712"
    }
  },
  "description": "MongoDB Server\u662fMongoDB\u516c\u53f8\u7684\u5206\u5e03\u5f0f\u6587\u6863\u6570\u636e\u5e93\u7cfb\u7edf\u3002\n\nMongoDB Server 8.0\u81f38.0.10\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u90e8\u64cd\u4f5c\u7684\u5185\u5b58\u7ba1\u7406\u6548\u7387\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u9ad8\u5185\u5b58\u5360\u7528\u5bfc\u81f4\u670d\u52a1\u4e2d\u65ad\u6216\u670d\u52a1\u5668\u5d29\u6e83\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\u63a5\uff1a\r\nhttps://jira.mongodb.org/browse/SERVER-106751",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-15516",
  "openTime": "2025-07-10",
  "patchDescription": "MongoDB Server\u662fMongoDB\u516c\u53f8\u7684\u5206\u5e03\u5f0f\u6587\u6863\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nMongoDB Server 8.0\u81f38.0.10\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u90e8\u64cd\u4f5c\u7684\u5185\u5b58\u7ba1\u7406\u6548\u7387\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u9ad8\u5185\u5b58\u5360\u7528\u5bfc\u81f4\u670d\u52a1\u4e2d\u65ad\u6216\u670d\u52a1\u5668\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MongoDB Server\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-15516\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "MongoDB MongoDB Server \u003e=8.0\uff0c\u003c8.0.10"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-6712",
  "serverity": "\u4e2d",
  "submitTime": "2025-07-08",
  "title": "MongoDB Server\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-15516\uff09"
}

CVE-2025-6712 (GCVE-0-2025-6712)

Vulnerability from cvelistv5

Published

2025-07-07 14:44

Modified

2025-07-07 14:53

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Summary

MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10

References

▼	URL	Tags
	https://jira.mongodb.org/browse/SERVER-106751

Impacted products

	Vendor	Product	Version
	MongoDB Inc	MongoDB Server	Version: 8.0 < 8.0.10 cpe:2.3:a:mongodb:mongodb:8.0.0:::::::* cpe:2.3:a:mongodb:mongodb:8.0.1:::::::* cpe:2.3:a:mongodb:mongodb:8.0.2:::::::* cpe:2.3:a:mongodb:mongodb:8.0.3:::::::* cpe:2.3:a:mongodb:mongodb:8.0.4:::::::* cpe:2.3:a:mongodb:mongodb:8.0.5:::::::* cpe:2.3:a:mongodb:mongodb:8.0.6:::::::* cpe:2.3:a:mongodb:mongodb:8.0.7:::::::* cpe:2.3:a:mongodb:mongodb:8.0.8:::::::* cpe:2.3:a:mongodb:mongodb:8.0.9:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6712",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-07T14:53:35.680320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-07T14:53:47.097Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mongodb:mongodb:8.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:mongodb:mongodb:8.0.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc",
          "versions": [
            {
              "lessThan": "8.0.10",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-07-07T14:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10\u003c/p\u003e"
            }
          ],
          "value": "MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T14:45:55.924Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-106751"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MongoDB Server may be susceptible to DoS due to Accumulated Memory Allocation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2025-6712",
    "datePublished": "2025-07-07T14:44:38.183Z",
    "dateReserved": "2025-06-26T11:48:56.095Z",
    "dateUpdated": "2025-07-07T14:53:47.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted