VYPR
Unrated severityNVD Advisory· Published Sep 5, 2025· Updated Sep 5, 2025

MongoDB Server router will crash when incorrect lsid is set on a sharded query

CVE-2025-10059

Description

An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, MongoDB Server v7.0 versions prior to 7.0.18 and MongoDB Server v8.0 versions prior to 8.0.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • MongoDB/Serverllm-fuzzy
    Range: >=6.0.0 <6.x, >=7.0.0 <7.0.18, >=8.0.0 <8.0.6
  • osv-coords
    Range: >= 6.0.0, < 6.0.24
  • MongoDB Inc/MongoDB Serverv5
    Range: 6.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.