CVE-2025-12119
MEDIUMMongoDB C Driver - Memory Corruption via Invalid Memory Read
Title source: llmDescription
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
References (4)
Scores
CVSS v3
6.8
EPSS
0.0001
EPSS Percentile
0.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-825
Status
published
Products (3)
mongodb/c_driver
1.9.0 - 1.30.6
mongodb/mongodb-extension
0 - 1.21.2Packagist
mongodb/php_driver
< 1.21.2
Published
Nov 18, 2025
Tracked Since
Feb 18, 2026