Unrated severityNVD Advisory· Published Oct 20, 2025· Updated Oct 20, 2025

Use-after-free in the MongoDB server query planner may lead to crash or undefined behavior

CVE-2025-11979

Description

An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server v8.0 versions prior to 8.0.15, and MongoDB Server version 8.2.0.

Affected products

Activepdf/Serverllm-fuzzy
Range: >=7.0 <7.0.25, >=8.0 <8.0.15, =8.2.0
MongoDB Inc./Serverv5
Range: 8.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jira.mongodb.org/browse/SERVER-105873mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000