CVE-2025-13643: Missing Authorization in INC Mongodb Server

Severity: 2.3 LOW (NVD)
EPSS: 0.1% (top 74.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 25

Description

A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 | mongodb_inc/mongodb_server | 8.0 | 8.0.14 | +1
NVD | mongodb/mongodb | 7.0.0 | 7.0.26 | +2

Vulnerability Details (3)

OSV
CVE-2025-13643: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users (2025-11-25)
CVEList
MongoDB Server may allow queries to be terminated by unauthorized users (2025-11-25)
GHSA
GHSA-p2cp-6qqj-8xqc: A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users (2025-11-25)
CVE-2025-13643 — Missing Authorization | cvebase