CVE-2025-7259

MEDIUM

Mongodb - Type Confusion

Title source: rule

Description

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

References (1)

[Issue Tracking, Vendor Advisory] https://jira.mongodb.org/browse/SERVER-102693

Scores

CVSS v3 6.5

EPSS 0.0011

EPSS Percentile 28.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-843

Status published

Products (1)

mongodb/mongodb 8.1.0

Published Jul 07, 2025

Tracked Since Feb 18, 2026