Argument Validation Flaw in MongoDB Server by MongoDB
CVE-2025-3084

6.5MEDIUM

Key Information:

Vendor: MongoDB
Status: Mongodb Server
Vendor: CVE Published:; 1 April 2025

Summary

An argument validation flaw in MongoDB Server allows attackers to execute certain commands without proper validation. This can result in unexpected behavior, including crashes in router servers, potentially impacting the availability of the database. The affected versions include MongoDB Server v5.0 through 5.0.31, v6.0 until v6.0.20, v7.0 up to v7.0.16, and v8.0 prior to v8.0.4. Properly validating command arguments is crucial to ensuring robust security and uninterrupted database operations.

Affected Version(s)

MongoDB Server 5.0 < 5.0.31

MongoDB Server 6.0 < 6.0.20

MongoDB Server 7.0 < 7.0.16

References

https://jira.mongodb.org/browse/SERVER-103153

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Apr 1, 2025