6.5

CVE-2025-10059

MongoDB Server router will crash when incorrect lsid is set on a sharded query

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MongodbMongodb SwEdition- Version >= 6.0.0 < 6.0.24
MongodbMongodb SwEdition- Version >= 7.0.0 < 7.0.18
MongodbMongodb SwEdition- Version >= 8.0.0 < 8.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.216
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@mongodb.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://jira.mongodb.org/browse/SERVER-100901
Vendor Advisory
Issue Tracking
https://jira.mongodb.org/browse/SERVER-100909
Vendor Advisory
Issue Tracking