PT-2025-47992 · Mongodb+1 · Mongodb Server+2

Published

2025-02-21

Updated

2025-12-19

CVE-2025-13644

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.26 MongoDB Server versions prior to 8.0.13 MongoDB Server versions prior to 8.1.2

Description MongoDB Server may encounter an invariant failure during batched delete operations when processing documents. This occurs because the server incorrectly assumes multiple documents exist within a batch, relying solely on the document size exceeding the BSONObjMaxSize limit.

Recommendations Update MongoDB Server to version 7.0.26 or later. Update MongoDB Server to version 8.0.13 or later. Update MongoDB Server to version 8.1.2 or later.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2025-14799

BIT-MONGODB-2025-13644

CVE-2025-13644

Affected Products

Mongodb Server

Mongodb

Red Os

PT-2025-47992 · Mongodb+1 · Mongodb Server+2

CVE-2025-13644

Weakness Enumeration

Related Identifiers

Affected Products

References · 17