CVE-2025-13507: Improper Validation of Specified Quantity in Input in INC Mongodb Server

Severity: 7.1 HIGH (NVD)
EPSS: 0.2% (top 64.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 25

Description

Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8.2 versions prior to 8.2.1.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 | mongodb_inc/mongodb_server | 7.0 | 7.0.26 | +2
NVD | mongodb/mongodb | 7.0.0 | 7.0.26 | +2

Vulnerability Details (3)

GHSA (2025-11-25): GHSA-jq7c-628x-vm55: Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert fa
OSV (2025-11-25): CVE-2025-13507: Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert fa
CVEList (2025-11-25): Time-series operations may cause internal BSON size limit to be exceed