Argument Validation Flaw in MongoDB Server by MongoDB
CVE-2025-3084

6.5 MEDIUM

Key Information:

Vendor: MongoDB
CVE Published: 1 April 2025

Summary

An argument validation flaw in MongoDB Server allows attackers to execute certain commands without proper validation. This can result in unexpected behavior, including crashes in router servers, potentially impacting the availability of the database. The affected versions include MongoDB Server v5.0 through 5.0.31, v6.0 until v6.0.20, v7.0 up to v7.0.16, and v8.0 prior to v8.0.4. Properly validating command arguments is crucial to ensuring robust security and uninterrupted database operations.

Affected Version(s)

MongoDB Server 5.0 < 5.0.31

MongoDB Server 6.0 < 6.0.20

MongoDB Server 7.0 < 7.0.16

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
