Unrated severityNVD Advisory· Published Sep 5, 2025· Updated Sep 5, 2025

MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

CVE-2025-10060

Description

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22 and MongoDB Server v8.0 versions prior to 8.0.12

Affected products

MongoDB/MongoDB Serverllm-fuzzy
Range: >=6.0 <6.0.25; >=7.0 <7.0.22; >=8.0 <8.0.12
MongoDB Inc/MongoDB Serverv5
Range: 6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jira.mongodb.org/browse/SERVER-95524mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000