CVE-2025-3083

HIGH

MongoDB <5.0.31, <6.0.20, <7.0.16 - DoS

Title source: llm

Description

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

References (1)

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/SERVER-103152

Scores

CVSS v3 7.5

EPSS 0.0026

EPSS Percentile 48.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-248

Status published

Affected Products (1)

mongodb/mongodb < 5.0.31

Timeline

Published Apr 01, 2025

Tracked Since Feb 18, 2026