CVE-2025-3083

HIGH

MongoDB <5.0.31, <6.0.20, <7.0.16 - DoS

Title source: llm
STIX 2.1

Description

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

References (1)

Core 1
Core References
Issue Tracking, Vendor Advisory
https://jira.mongodb.org/browse/SERVER-103152

Scores

CVSS v3 7.5
EPSS 0.0037
EPSS Percentile 28.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-248
Status published
Products (1)
mongodb/mongodb 5.0.0 - 5.0.31
Published Apr 01, 2025
Tracked Since Feb 18, 2026