Denial of Service in MongoDB Server by Authorized Users
CVE-2025-7259

6.5MEDIUM

Key Information:

Vendor: MongoDB
Status: Mongodb Server
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-7259?

An authorized user can exploit the MongoDB Server by issuing queries with duplicate _id fields, leading to unexpected behavior that may result in service interruption. This vulnerability allows such users to trigger a Denial of Service condition, affecting the overall stability of the server. The issue is specifically present in MongoDB Server version 8.1.0.

Affected Version(s)

MongoDB Server 8.1 <= 8.1.0

References

https://jira.mongodb.org/browse/SERVER-102693

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Jul 7, 2025