CVE-2025-13643
Published 2025-11-25
Priority: P4 · 34 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.19% (9.1th percentile)
A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | — | — |
| mongodb | mongodb | >= 7.0.0 < 7.0.26 | 7.0.26 |
| mongodb | mongodb | >= 8.0.0 < 8.0.14 | 8.0.14 |
| mongodb_inc | mongodb_server | >= 7.0 < 7.0.26 | 7.0.26 |
| mongodb_inc | mongodb_server | >= 8.0 < 8.0.14 | 8.0.14 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 2.3 | LOW | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 2.3 | LOW | — |
OSV
CVE-2025-13643: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users
osv·2025-11-25·CVSS 2.3
CVE-2025-13643 [LOW] CVE-2025-13643: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users
GHSA
GHSA-p2cp-6qqj-8xqc: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users
ghsa_unreviewed·2025-11-25
CVE-2025-13643 [LOW] CWE-862 GHSA-p2cp-6qqj-8xqc: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-11-25