Moderate severityNVD Advisory· Published Nov 18, 2025· Updated Jan 14, 2026
Bulk write with options may read invalid memory
CVE-2025-12119
Description
A mongoc_bulk_operation_t may read invalid memory if large options are passed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mongodb/mongodb-extensionPackagist | < 1.21.2 | 1.21.2 |
Affected products
3- Range: 0
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-mwcc-7vpp-xmv9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-12119ghsaADVISORY
- github.com/mongodb/mongo-c-driver/commit/775998df7c67ghsaWEB
- github.com/mongodb/mongo-c-driver/releases/tag/1.30.6ghsaWEB
- github.com/mongodb/mongo-c-driver/releases/tag/2.1.2ghsaWEB
- github.com/mongodb/mongo-php-driver/commit/fa5b43366407bc0e5b0a919ed374decd9022b2f9ghsaWEB
- github.com/mongodb/mongo-php-driver/releases/tag/1.21.2ghsaWEB
- jira.mongodb.org/browse/PHPC-2637ghsaWEB
- lists.debian.org/debian-lts-announce/2026/01/msg00009.htmlghsaWEB
News mentions
0No linked articles in our index yet.