PT-2025-14095 · Mongodb+2

Published: 2025-04-01 · Updated: 2025-09-23 · CVE-2025-3083

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MongoDB versions prior to 5.0.31
MongoDB versions prior to 6.0.20
MongoDB versions prior to 7.0.16

Description

Specifically crafted MongoDB wire protocol messages can cause MongoDB to crash during command validation. This issue can occur without using an authenticated connection. Attackers may be able to perform denial-of-service attacks and gain unauthorized access using revoked certificates. Over 1.2 million results have been found to be potentially affected.

Recommendations

For MongoDB versions prior to 5.0.31, update to version 5.0.31 or later.
For MongoDB versions prior to 6.0.20, update to version 6.0.20 or later.
For MongoDB versions prior to 7.0.16, update to version 7.0.16 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5420
ALT-PU-2025-5457
ALT-PU-2025-5545
BDU:2025-06210
BIT-MONGODB-2025-3083
CVE-2025-3083

Affected Products

Alt Linux
Mongodb
Red Os