Memory Access Issue in MongoDB Products
CVE-2025-12119

6.9MEDIUM

Key Information:

Vendor: Mongodb
Status: C Driver; PHP Driver
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-12119?

A potential memory access vulnerability exists within MongoDB products, particularly affecting the mongoc_bulk_operation_t function. When large options are provided to bulk operations, this vulnerability can result in invalid memory reads, potentially leading to unexpected behavior or application crashes. Users are advised to configure their options carefully and refer to the latest updates from MongoDB to mitigate any associated risks.

Affected Version(s)

C Driver 1.9.0 <= 1.30.5

C Driver 2.0.0 <= 2.1.1

PHP Driver 0 <= 2.1.2

References

https://github.com/mongodb/mongo-php-driver/releases/tag/...

https://github.com/mongodb/mongo-c-driver/releases/tag/1....

https://github.com/mongodb/mongo-c-driver/releases/tag/2.1.2

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Oct 23, 2025

JSON

Mongodb

What is CVE-2025-12119?

Affected Version(s)

References

CVSS V4

Timeline