CVE-2025-7259

EPSS 0.06%
Published 07.07.2025 15:59:01
Last modified 03.10.2025 20:50:32
Source cna@mongodb.com
Teams watchlist Login
Open Login

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Mongodb ≫ Mongodb Version8.1.0 SwEdition-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.183

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@mongodb.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://jira.mongodb.org/browse/SERVER-102693

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-7259

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7259

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7259

EUVD