High severityNVD Advisory· Published Oct 13, 2025· Updated Feb 26, 2026
Configuration may unexpectedly disable certificate validation
CVE-2025-11695
Description
When tlsInsecure=False appears in a connection string, certificate validation is disabled.
This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mongodbcrates.io | < 3.2.5 | 3.2.5 |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-3p6w-gv5g-xjw9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-11695ghsaADVISORY
- github.com/mongodb/mongo-rust-driver/commit/21ed6aeeea386628621b36a6af2a1a248cc87dcfghsaWEB
- github.com/mongodb/mongo-rust-driver/commit/b918cd6676331c45f26dd1acd13e230aaf17fe6dghsaWEB
- github.com/mongodb/mongo-rust-driver/pull/1453ghsaWEB
- jira.mongodb.org/browse/RUST-2264ghsaWEB
News mentions
0No linked articles in our index yet.