CVE-2025-10060

MEDIUM

MongoDB Server <6.0.25-8.0.12 - Info Disclosure

Title source: llm

Description

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12

References (1)

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/SERVER-95524

Scores

CVSS v3 6.5

EPSS 0.0028

EPSS Percentile 51.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-672

Status published

Products (1)

mongodb/mongodb 6.0.0 - 6.0.25

Published Sep 05, 2025

Tracked Since Feb 18, 2026