6.5

CVE-2025-10059

EPSS 0.04%
Published 05.09.2025 20:26:52
Last modified 22.09.2025 16:55:12
Source cna@mongodb.com
Teams watchlist Login
Open Login

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mongodb ≫ Mongodb SwEdition- Version >= 6.0.0 < 6.0.24

Mongodb ≫ Mongodb SwEdition- Version >= 7.0.0 < 7.0.18

Mongodb ≫ Mongodb SwEdition- Version >= 8.0.0 < 8.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.126

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@mongodb.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://jira.mongodb.org/browse/SERVER-100901

Vendor Advisory

Issue Tracking

https://jira.mongodb.org/browse/SERVER-100909

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-10059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10059

EUVD