PT-2025-41792 · Mongodb · Mongodb Rust Driver
Published 2025-10-13 · Updated 2025-12-05 · CVE-2025-11695
CVSS v3.1: 8.0 High
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
MongoDB Rust Driver versions prior to 3.2.5
Description
The MongoDB Rust Driver is affected by an issue where setting tlsInsecure=False in a connection string disables certificate validation. Normally, this parameter should enforce strict TLS certificate validation, verifying the server's certificate against trusted Certificate Authorities (CAs). Disabling certificate validation can lead to security risks. The vulnerable parameter is tlsInsecure.
Recommendations
Ensure the MongoDB Rust Driver is updated to version 3.2.5 or later.
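An added example (not part of the advisory and not the driver's code): a small Rust check that flags connection strings which set tlsInsecure, and marks tlsInsecure=false as affected when the driver version in use is below 3.2.5. The Finding names, the sample URI, the case-insensitive matching of the option name and value, and treating an unparseable version as affected are assumptions of this example.

```rust
// FIXED_IN is taken from the advisory; all other names are hypothetical.
const FIXED_IN: (u64, u64, u64) = (3, 2, 5);

#[derive(Debug, PartialEq)]
enum Finding {
    Clean,              // tlsInsecure is not set in the URI
    ValidationDisabled, // tlsInsecure=true: validation is off by request
    AffectedFalse,      // tlsInsecure=false on a driver older than FIXED_IN
    ExplicitFalse,      // tlsInsecure=false on a fixed driver
    Unparseable,        // value is neither true nor false
}

/// Parse "MAJOR.MINOR.PATCH" (for example from Cargo.lock); None if malformed.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.trim().split('.').map(|p| p.parse::<u64>().ok());
    let ver = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(ver) }
}

/// Collect every tlsInsecure value in the URI's query string, lowercased.
fn tls_insecure_values(uri: &str) -> Vec<String> {
    let query = uri.split_once('?').map(|(_, q)| q).unwrap_or("");
    query
        .split(|c: char| c == '&' || c == ';')
        .filter_map(|pair| pair.split_once('='))
        .filter(|(k, _)| k.eq_ignore_ascii_case("tlsInsecure"))
        .map(|(_, v)| v.trim().to_ascii_lowercase())
        .collect()
}

fn audit(uri: &str, driver_version: &str) -> Finding {
    let values = tls_insecure_values(uri);
    if values.is_empty() { return Finding::Clean; }
    if values.iter().any(|v| v == "true") { return Finding::ValidationDisabled; }
    if values.iter().any(|v| v != "false") { return Finding::Unparseable; }
    // A version that cannot be parsed is treated as affected (fail closed).
    match parse_version(driver_version) {
        Some(v) if v >= FIXED_IN => Finding::ExplicitFalse,
        _ => Finding::AffectedFalse,
    }
}

fn main() {
    // Constructed sample URI; the host name is a placeholder.
    let uri = "mongodb://db.example.internal:27017/app?tls=true&tlsInsecure=False";
    for v in ["3.2.4", "3.2.5"] { println!("{v}: {:?}", audit(uri, v)); }
}
```

An AffectedFalse finding means the deployment matches the condition described above and needs the driver update; removing the option from the URI is not something the advisory states as a fix.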
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Mongodb Rust Driver