|
Vulnerabilities
< Back

CVE-2025-7259

Updated on 07 Jul 2025

Severity

6.5 Medium severity

Details

CVSS score
6.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

Details

Affected product:
Alpine Linux 3.22 , Debian 12 , Debian 13
Affected packages:
mongodb @ 6.0 (+11 more)
An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.

Fixes