Certificate Validation Bypass in MongoDB Rust Driver
CVE-2025-11695

8 HIGH

Key Information:

Vendor:
MongoDB
CVE Published:
13 October 2025

What is CVE-2025-11695?

The MongoDB Rust Driver contains a vulnerability that allows certificate validation to be bypassed. When the setting tlsInsecure=False is included in the connection string, the driver disables certificate validation, even though that value asks for validation to remain on. This potentially exposes applications to man-in-the-middle attacks and other security threats. The issue affects all versions of the MongoDB Rust Driver prior to v3.2.5; updating to a fixed version ensures that proper certificate validation is enforced.
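One way to find exposed deployments is to audit connection strings together with the driver version in use. The following is an added example, not code from MongoDB or from the original page; the function names, the version tuple format and the sample hosts are assumptions made for illustration.

```rust
// Added example: flag MongoDB connection strings that carry tlsInsecure.
// Assumption: the driver version is supplied as a (major, minor, patch) tuple.

#[derive(Debug, PartialEq)]
enum Finding {
    Ok,
    /// tlsInsecure is present with a non-true value on a driver older than 3.2.5.
    BypassOnAffectedDriver,
    /// tlsInsecure=true relaxes TLS validation by design on every version.
    ValidationDisabledExplicitly,
}

const FIXED: (u32, u32, u32) = (3, 2, 5);

/// Returns the lowercased value of tlsInsecure from the query string, if present.
/// Option names in MongoDB connection strings are case-insensitive.
fn tls_insecure_value(uri: &str) -> Option<String> {
    let query = uri.split_once('?')?.1;
    query
        .split(|c| c == '&' || c == ';')
        .filter_map(|pair| pair.split_once('='))
        .filter(|(k, _)| k.eq_ignore_ascii_case("tlsInsecure"))
        .map(|(_, v)| v.to_ascii_lowercase())
        .last()
}

fn audit(uri: &str, driver: (u32, u32, u32)) -> Finding {
    match tls_insecure_value(uri).as_deref() {
        None => Finding::Ok,
        Some("true") => Finding::ValidationDisabledExplicitly,
        // Conservative: any other value counts as the bypass on affected versions.
        Some(_) if driver < FIXED => Finding::BypassOnAffectedDriver,
        Some(_) => Finding::Ok,
    }
}

fn main() {
    // Constructed sample inputs; hosts are placeholders.
    let samples = [
        ("mongodb://db.example.internal/?tls=true&tlsInsecure=False", (3, 2, 4)),
        ("mongodb://db.example.internal/?tls=true&tlsInsecure=False", (3, 2, 5)),
        ("mongodb://db.example.internal/?tls=true&tlsinsecure=true", (3, 2, 5)),
        ("mongodb://db.example.internal/app?tls=true", (2, 8, 0)),
    ];
    for (uri, ver) in samples.iter() {
        println!("{:?} {} -> {:?}", ver, uri, audit(uri, *ver));
    }
}
```

Removing the tlsInsecure option from the connection string avoids the bypass on affected versions until the driver can be updated.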

Affected Version(s)

Rust Driver 0

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
