CVE-2025-2306

Name of the Vulnerable Software and Affected Versions Mongoose (affected versions not specified)

Description The Mongoose library is affected by a flaw that exposes millions of downloads to search injection. This issue arises from the improper handling of nested $where filters with populate() match, allowing attackers to manipulate search results and potentially gain unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.