Vulnerability in KMIP Response Parser of MongoDB Products
CVE-2025-12657

5.9 MEDIUM

Key Information:

Vendor

MongoDB

CVE Published:
3 November 2025

What is CVE-2025-12657?

The KMIP response parser in certain MongoDB binaries is overly lenient with malformed packets. Because of this insufficient validation, the parser can handle such packets incorrectly and construct invalid objects; later reads from those objects can trigger read access violations, putting system stability and data integrity at risk.
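The defect described above is a parser that trusts the lengths a packet declares. The following strict TTLV reader is an added example, not MongoDB's code: it assumes the KMIP 1.x TTLV encoding (3-byte tag, 1-byte type, 4-byte big-endian length, value padded to 8 bytes) and the ResponseMessage/ResultStatus/ResultMessage tag values from the KMIP 1.x tag table, and the sample packets are constructed inline. Every declared length is checked against the enclosing buffer before a slice is taken, so a truncated response is discarded rather than turned into an object whose value is shorter than its header claims.

```python
import struct

# KMIP TTLV item types (KMIP 1.x); fixed-size types must carry exactly this many value bytes
TYPE_STRUCTURE, TYPE_INTEGER, TYPE_ENUMERATION, TYPE_TEXT_STRING = 0x01, 0x02, 0x05, 0x07
FIXED_VALUE_LEN = {TYPE_INTEGER: 4, TYPE_ENUMERATION: 4}
# Tags from the KMIP 1.x tag table: ResponseMessage, ResultStatus, ResultMessage
TAG_RESPONSE_MESSAGE, TAG_RESULT_STATUS, TAG_RESULT_MESSAGE = 0x42007B, 0x42007F, 0x42007D

def parse_ttlv_strict(buf, offset=0, end=None):
    """Parse one TTLV item at `offset`; return ((tag, type, value), next_offset).
    Every declared length is checked against the enclosing buffer before any slice is
    taken, so a truncated packet raises ValueError instead of becoming an invalid object."""
    end = len(buf) if end is None else end
    if end - offset < 8:
        raise ValueError("TTLV header truncated at offset %d" % offset)
    tag, item_type = int.from_bytes(buf[offset:offset + 3], "big"), buf[offset + 3]
    (length,) = struct.unpack_from(">I", buf, offset + 4)
    value_start, padded = offset + 8, (length + 7) // 8 * 8  # values pad to 8 bytes
    if value_start + padded > end:
        raise ValueError("TTLV length %d overruns packet at offset %d" % (length, offset))
    if item_type in FIXED_VALUE_LEN and length != FIXED_VALUE_LEN[item_type]:
        raise ValueError("TTLV type 0x%02x has wrong value length %d" % (item_type, length))
    raw = buf[value_start:value_start + length]
    if item_type == TYPE_STRUCTURE:  # recurse, confined to this structure's own bytes
        value, pos = [], value_start
        while pos < value_start + length:
            child, pos = parse_ttlv_strict(buf, pos, value_start + length)
            value.append(child)
    elif item_type in FIXED_VALUE_LEN:
        value = int.from_bytes(raw, "big", signed=(item_type == TYPE_INTEGER))
    else:  # text strings are decoded; every other type is kept as raw bytes
        value = raw.decode("utf-8") if item_type == TYPE_TEXT_STRING else bytes(raw)
    return (tag, item_type, value), value_start + padded

def build_item(tag, item_type, value):  # encoder, used only to construct the samples
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(value))
    return header + value + b"\x00" * (-len(value) % 8)

# Constructed samples: a well-formed response, and the same bytes cut off mid-item
GOOD_RESPONSE = build_item(TAG_RESPONSE_MESSAGE, TYPE_STRUCTURE,
                           build_item(TAG_RESULT_STATUS, TYPE_ENUMERATION, b"\x00\x00\x00\x00")
                           + build_item(TAG_RESULT_MESSAGE, TYPE_TEXT_STRING, b"ok"))
TRUNCATED_RESPONSE = GOOD_RESPONSE[:20]

def validate_response(packet):
    """Return the parsed top-level item, or None when the packet must be discarded."""
    try:
        return parse_ttlv_strict(packet)[0]
    except ValueError:  # covers the length checks above and bad UTF-8 in a text string
        return None
```

A lenient reader that slices `buf[value_start:value_start + length]` without the bounds check would return a 12-byte "structure" for the truncated packet and fail only when something later reads its missing children.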

Affected Version(s)

MongoDB Server 6.0 < 7.0.22

MongoDB Server 8.0 < 8.0.10

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Requirements:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
