← back
CVE-2025-3083

Malformed MongoDB wire protocol messages may cause mongos to crash

CVSS 7.5 HIGHEPSS 0.4%CWE-248
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
MongoDB Inc · MongoDB Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jira.mongodb.org/browse/SERVER-103152