PT-2025-36331 · Mongodb+1 · Mongodb Server+2

Published 2025-09-05 · Updated 2025-10-31 · CVE-2025-10061

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MongoDB Server versions prior to 6.0.25
MongoDB Server versions prior to 7.0.22
MongoDB Server versions prior to 8.0.12
MongoDB Server versions prior to 8.1.2

Description

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. The issue is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation, potentially leading to a denial of service if repeatedly triggered.

Recommendations

Upgrade MongoDB Server to version 6.0.25 or later.
Upgrade MongoDB Server to version 7.0.22 or later.
Upgrade MongoDB Server to version 8.0.12 or later.
Upgrade MongoDB Server to version 8.1.2 or later.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-13815
BIT-MONGODB-2025-10061
CVE-2025-10061

Affected Products

Mongodb Server
Mongodb
Red Os