VYPR
Unrated severityNVD Advisory· Published Apr 1, 2025· Updated Apr 1, 2025

Malformed MongoDB wire protocol messages may cause mongos to crash

CVE-2025-3083

Description

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • MongoDB/MongoDBv52 versions
    cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mongodb:mongodb:5.0.0:*:*:*:*:*:*:*range: 5.0
    • (no CPE)range: v5.0 < 5.0.31, v6.0 < 6.0.20, v7.0 < 7.0.16
  • osv-coords
    Range: >= 5.0.0, < 5.0.31

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.