Buffer Over-Read Enables System Disruption in MongoDB Server by MongoDB, Inc.
CVE-2025-11979

5.3 MEDIUM

Key Information:

Vendor: MongoDB

Status
Vendor
CVE Published: 20 October 2025

What is CVE-2025-11979?

An authorized user can exploit a buffer over-read vulnerability in MongoDB Server, potentially leading to server crashes. This occurs when a Data Definition Language (DDL) operation is executed concurrently with other queries, particularly under specific conditions. Affected versions include MongoDB Server v7.0 prior to 7.0.25, v8.0 prior to 8.0.15, and version 8.2.0. It is crucial for users to update their MongoDB Server versions promptly to mitigate this risk.

Affected Version(s)

Server 8.2.0

Server 8.0.0 < 8.0.14

Server 7.0.0 < 7.0.25

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
