CVE-2025-11979
MEDIUM
MongoDB 7.0.0-7.0.24 - Authenticated Denial of Service via DDL Operation Buffer Over-Read
Title source: llm
Description
An authorized user may crash the MongoDB server by causing a buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.
References (1)
Vendor Advisory
https://jira.mongodb.org/browse/SERVER-105873
Scores
CVSS v3: 5.3
EPSS: 0.0025
EPSS Percentile: 15.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (1)
mongodb/mongodb: 7.0.0 - 7.0.25
Published: Oct 20, 2025
Tracked Since: Feb 18, 2026